Let's Encrypt Wants to Help Improve the CA Model
The executive director of the Internet Security Research Group discusses approaches that can be used to further improve the certificate authority system. [VIDEO]
Let's Encrypt, a non-profit effort that brings free SSL/TLS certificates to the web, was first announced in November 2014 and became a Linux Foundation Collaborative Project in April 2015. To date, it has provided more than 5 million free certificates.
While having an SSL/TLS certificate to encrypt traffic is an important element of web security, it's not the only one, said Josh Aas, executive director of the Internet Security Research Group and leader of Let's Encrypt.
"There is a lot in the total picture of what makes a website secure, and we can do a lot to help a certain part of it," he said in a video interview.
A key element of SSL/TLS security is the certificate authority (CA) system, of which Let's Encrypt is a part. Multiple efforts are underway to further improve the CA model, including the use of Certificate Transparency (CT) logs, which help validate SSL/TLS certificate issuance.
"If we don't know what CAs are doing, we don't know if they are doing it the right way," Aas said. "CT is a way to see what everyone is doing. If you want to be trusted, you need to be publicly transparent about what you're doing."
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.