UPDATE September 15
On a Related Note…ALA’s Office of Intellectual Freedom (OIF) Becomes a Let’s Encrypt Sponsor
—
From the Let’s Encrypt Blog:
Let’s Encrypt passed another major milestone by issuing our first certificate. You can see it in action here.
Our cross signature is not yet in place, however this certificate is fully functional for clients with the ISRG root in their trust store. When we are cross signed, approximately a month from now, our certificates will work just about anywhere while our root propagates. We submitted initial applications to the root programs for Mozilla, Google, Microsoft, and Apple today.
The post goes on to say that “general availability” is coming “over the next couple of months.”
Read the Complete Blog Post
Learn More About Let’s Encrypt, How to Get Involved
The key principles behind Let’s Encrypt are:
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
See Also: EFF on “What Every Librarian Needs to Know About HTTPS” (May 7, 2015)
About Gary Price
