Mozilla, Akamai, Cisco, the EFF, and Identrust are teaming up for Let’s Encrypt, an effort to make SSL encryption free and easy.
This is important, because it means mundane stuff will get encrypted. When SSL/TLS traffic are no longer flagged as special, security will increase.
Think about it. When only important data is encrypted, it calls attention to itself. But when the mundane, unimportant is encrypted, that makes it hard to find the good stuff because encryption is no longer a hallmark of being worthy of attention.This makes it harder for criminal organizations, hostile governments–whatever you think of the NSA and the U.S. government in general, you must agree there are some governments that are hostile–and other undesirables to find the stuff you really need to protect.
When we make the bad behavior difficult enough, the bad behavior stops, or at least reduces in quantity significantly. And once the framework is in place, we can strengthen it by introducing higher bit lengths and newer, stronger ciphers–which will be easier going forward if we keep revising our browsers and operating systems on a rapid basis.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.