'Let's Encrypt' Project Strives To Make Encryption Simple

← Back to Stories (view on slashdot.org)

'Let's Encrypt' Project Strives To Make Encryption Simple

Posted by Soulskill on Friday April 10, 2015 @02:54AM from the reaching-for-peak-encryption dept.

jones_supa writes: As part of an effort to make encryption a standard component of every application, the Linux Foundation has launched the Let's Encrypt project (announcement) and stated its intention to provide access to a free certificate management service. Jim Zemlin, executive director for the Linux Foundation, says the goal for the project is nothing less than universal adoption of encryption to disrupt a multi-billion dollar hacker economy. While there may never be such a thing as perfect security, Zemlin says it's just too easy to steal data that is not encrypted. In its current form, encryption is difficult to implement and a lot of cost and overhead is associated with managing encryption keys. Zemlin claims the Let's Encrypt project will reduce the effort it takes to encrypt data in an application down to two simple commands. The project is being hosted by the Linux Foundation, but the actual project is being managed by the Internet Security Research Group. This work is sponsored by Akamai, Cisco, EFF, Mozilla, IdenTrust, and Automattic, which all are Linux Foundation patrons. Visit Let's Encrypt official website to get involved.

116 comments

Min score:

Reason:

Sort:

Encryption done right isn't simple... by Anonymous Coward · 2015-04-10 03:01 · Score: 0, Flamebait

Encryption often fails because of PEBCAK. Making it simple won't fix that.
1. Re:Encryption done right isn't simple... by bazmail · 2015-04-10 03:11 · Score: 5, Insightful
  
  Making it simple will go a long way to avoiding PEBCAK problems. Simpler processes give less opportunity for human error.
2. Re:Encryption done right isn't simple... by Anonymous Coward · 2015-04-10 03:19 · Score: 1
  
  Encryption you don't have to think about is probably pretty vulnerable.
  I consider myself somewhat crypto savvy (I've read a lot of crypto papers and can do some basic differential and linear cryptanalysis), but I don't encrypt any of my files or e-mails. For me the costs outweigh the benefits.
3. Re:Encryption done right isn't simple... by Anonymous Coward · 2015-04-10 04:22 · Score: 0
  
  The problem with only encrypting "sensitive" material is that it flags encrypted material as sensitive. If everything is encrypted it's impossible to tell what's sensitive.
  Everything I own is encrypted: my Android, my PC, my NAS. Everyone should be doing that. I even install S/MIME certificates for my wife and kids' email programs. We use TextSecure and RedPhone instead of the "traditional" apps. It doesn't take any additional work beyond the initial setup.
4. Re:Encryption done right isn't simple... by Anonymous Coward · 2015-04-10 04:33 · Score: 0
  
  I've needed on a number of occasions to recover data from disks I can't boot from.
5. Re:Encryption done right isn't simple... by Anonymous Coward · 2015-04-10 04:37 · Score: 1
  
  Which is unfortunately utter bullshit and history is there to prove it.
  Look at SSL for example. It's simple for the end-user, he/she doesn't need to do anything to use it, still it has failed us many times now.
  Good encryption isn't simple, you need to know what you're doing. If you don't know what you're doing, you also don't know if you make mistakes. You can also easily become a target of phishers or other con artists.
6. Re:Encryption done right isn't simple... by jellomizer · 2015-04-10 04:50 · Score: 1
  
  Yes it will.
  OK you want to encrypt a file. You find instructions and you follow each step correctly you got a encrypted system.
  Now following steps is stuff a computer can do. You need humans to do things a little more creative. So it makes sense that you have a simpler process for this. That does all the non-simple things in a few commands.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
7. Re:Encryption done right isn't simple... by mlts · 2015-04-10 04:53 · Score: 1
  
  I just keep good backups. Encrypted, of course. With the fact that SSDs actually overwrite deleted data when the garbage collector decides to, deleted data tends to be -gone- for good.
8. Re:Encryption done right isn't simple... by Anonymous Coward · 2015-04-10 07:06 · Score: 1
  
  (1) He didn't say it eliminates PEBCAK, he said it will go a long way in reducing (avoiding) problems. If you dispute this, I'd like to know why.
  (2) He didn't say encryption was simple. In fact he almost implied that it isn't simple (of course it's not), that's why we need to not expose end users to aspects that require expert-level knowledge.
  I feel like bazmail said something akin to, "A bike helps me get to work faster (than walking)" and you're shouting, "A plane won't help you get to work any faster!!!"
9. Re:Encryption done right isn't simple... by dcollins117 · 2015-04-10 10:06 · Score: 2
  
  I've needed on a number of occasions to recover data from disks I can't boot from.
  Then you have inadequate backups. That's a different issue from encryption.
Warning!!! by bazmail · 2015-04-10 03:02 · Score: 5, Funny

Having conversations that your government can't eavesdrop on is tantamount to terrorism.

You have been warned.
1. Re: Warning!!! by Anonymous Coward · 2015-04-10 03:17 · Score: 2, Insightful
  
  This. A thousand times over. You may not like it, I sure as hell don't like it, but we live in the Surveillance Age now and will probably be for the rest of our lives. While it may appear noble and idealistic to want to oppose it, it's also foolish if not downright suicidal. One can't fight the State, especially not when the vast majority of the populace supports it. It's best to choose one's battle and to know when you're beaten. We're beaten. Privacy is dead. It's not coming back. Move on.
2. Re: Warning!!! by Anonymous Coward · 2015-04-10 03:33 · Score: 1
  
  So in other words just roll over and accept it........ And which branch of of which government do you work for?.
  You might be beaten, others are not......
3. Re: Warning!!! by clonehappy · 2015-04-10 03:34 · Score: 4, Insightful
  
  Cowards like you have never changed the world. Sad, really. Not that I think I'm going to, or anything, but for fuck's sake man stop being a pussy! If we're so beaten, and privacy's so dead, then what the fuck have we to lose by figthing for what's right?
  I'd rather be suicidal and on the right side of history than get to live a meek, shallow little existence cowering in my hole waiting to die, afraid to say the wrong thing or think the wrong ideas. Sure, someone may eventually kill me or persecute me because I believe in freedom and liberty and privacy, but they won't be taking away my dignity. I've done nothing wrong, and I have the right to think and say what I want (as do you). I, for one, will be exercising those rights until I'm six feet under.
  Being cowards and letting everyone roll over on us is how we got in this mess in the first place. It's not too late to take ownership of your historical defeatism and try to affect change.
4. Re: Warning!!! by pla · 2015-04-10 03:38 · Score: 5, Insightful
  
  we live in the Surveillance Age now and will probably be for the rest of our lives.
  
  Probably true - But I'll still use encryption for my private files and communications. I'll still refrain from screaming what I had for breakfast into the ether. I'll still make up random information when registering for any service that doesn't need real info to perform its core function. I'll still "fuzz" personal details when relevant to discussions on sites such as Slashdot. I'll still bait telemarketers even though they probably know more about me than I do. And, I'll still make Officer Twitchy get a warrant to search my phone, even if it means I get shot in the back trying to peacefully walk away.
  
  Accepting the reality of something doesn't mean you should just give up - We all unavoidably die, why don't we all just commit suicide now and save ourselves the hassle of wasting all that time working and sleeping and exercising-so-we-can-live-longer and such? Sometimes, "accepting" something means "fight harder anyway".
5. Re: Warning!!! by Anonymous Coward · 2015-04-10 03:39 · Score: 0
  
  Privacy in the internet will become a privilege, just as privacy in real life.
6. Re:Warning!!! by lq_x_pl · 2015-04-10 03:41 · Score: 2
  
  This is one reason why Steganography is so powerful. A heavily-encrypted communication stream just screams "HEY LOOK! I'M NOT LETTING YOU PEEK AT MY STUFF." Information protected in plain sight (hidden in something innocuous), does much less screaming.
  
  --
  An internal system operation returned the error "The operation completed successfully.".
7. Re:Warning!!! by Anonymous Coward · 2015-04-10 03:46 · Score: 5, Insightful
  
  Yes but if everybody has access to simple to use encryption that stigma goes away, when encrypted traffic is the norm rather than the exception then Its use is not a red flag. Mass adoption is in itself protection.
8. Re:Warning!!! by qbast · 2015-04-10 03:53 · Score: 2
  
  Don't worry, all the founders of 'lets encrypt' are entities based in USA, so you can bet private keys of each issued certificate will be delivered to appropriate authorities.
9. Re:Warning!!! by Tokolosh · 2015-04-10 03:57 · Score: 1
  
  I am particularly uncomfortable with the presence of Cisco in this party.
  
  --
  Prove anything by multiplying Huge Number times Tiny Number
10. Re: Warning!!! by irrational_design · 2015-04-10 04:16 · Score: 1, Insightful
  
  "on the right side of history" This phrase has always confused me. Unless you are a prophet or time traveler, how do you know you are on the "right side" of history until a significant enough time has passed? And what does "right side" even mean? Is this about winners and losers? Was Stalin on the right side of history since he was a winner (in a manner of speaking) while Hitler was on the wrong side of history since he was a loser? Or is this some kind of moral/ethical rightness? But how do we know what will be moral/ethical at a point in the future that our time is considered to be history? 100 years ago I'm pretty sure the average person wouldn't have considered someone who supported gay rights to be on the right side of history. Again, until enough time has passed, how can you know that you are/were on the right side of history? It sounds like wishful thinking to me.
11. Re:Warning!!! by bazmail · 2015-04-10 04:18 · Score: 2
  
  lol. Thats exactly what I thought when I saw the logos on the right hand side.
  
  Cisco: hey guys whatcha doin. listening to music huh? Yeah I love me some hippedy-hop music.
12. Re: Warning!!! by Anonymous Coward · 2015-04-10 04:40 · Score: 0
  
  What's happening now has been going on, enough time has passed. Spying on your own citizens is BAD. The wrong side of history.
13. Re: Warning!!! by bill_mcgonigle · 2015-04-10 04:48 · Score: 1
  
  then what the fuck have we to lose by figthing for what's right?
  Comfort and complacency? If you set the value of freedom to zero, there are still other benefits to be enjoyed. Perhaps you've heard of "bread and circuses"? (this isn't a new problem).
  I'd rather be suicidal and on the right side of history than get to live a meek, shallow little existence cowering in my hole waiting to die
  Realize that you're in a small minority. And in a democracy, the majority gets to enforce their view on you that your freedom doesn't matter.
  "The blessings of liberty are occasionally fought for and earned by the few, then temporarily bestowed on the undeserving masses, to be lost again when they forget why they had achieved happiness".
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
14. Re: Warning!!! by Anonymous Coward · 2015-04-10 04:52 · Score: 0
  
  Wow, you are actually sounding like you work for a TLA, not just the usual opposing viewpoint.
15. Re: Warning!!! by clonehappy · 2015-04-10 04:53 · Score: 1
  
  I'm not sure why I'm responding to you, as it's obvious to me that you're being disingenuous. Doing the "right thing" is obvious to most people. If you have no moral or ethical compass, then I'm sure this one's hard for you.
  But anyone who was taught right from wrong knows that wholesale monitoring of the private communications of citizens in a free country is a bad thing. It can only lead to abuses and tyrannical actions by those doing the spying. Opposing something that foments tyranny is being on the right side of history.
  Wishful thinking is going along to get along and hoping that history won't repeat itself. Rolling over to every abuse of authority gives a group of people already predisposed to sociopathy the psychological approval they need to commit more and larger abuses because they think we're all marks and they can just continue to pull the wool over your eyes. It can go no other way, unless you stand up for yourself.
  If you stick your neck out, it might get you decapitated, or it might not. But cowering ensures the negative outcome every time. The choice is up to each and every one of us.
16. Re: Warning!!! by Anonymous Coward · 2015-04-10 04:55 · Score: 0
  
  I'm okay with suicide, as long as my life meant a teeny tiny bit to the fight.
  Yes, I'm already suicidal.
17. Re: Warning!!! by bill_mcgonigle · 2015-04-10 05:00 · Score: 3, Interesting
  
  "on the right side of history" This phrase has always confused me. Unless you are a prophet or time traveler, how do you know you are on the "right side" of history until a significant enough time has passed?
  Look at long-term trends.
  Two thousand years ago personal freedom was rare and people were the per se property of their Sovereign. Warring was common, dueling was how arguments were settled, and people drowned their extra babies. Human life had fairly little social value and everything was controlled by the whims of the Gods, regardless.
  In the more advanced civilizations today, people can do pretty much whatever they want in terms of personal liberty, and there's a bunch of obfuscation to disguise the fact that they're still owned by their Sovereign (because they wouldn't accept it consciously). Cooperation is markedly increased, resulting in the march of technology.
  The safe bet is for the trend-lines to continue towards more tolerance, more personal freedom, more blessings of enhanced communications and technology, and a sunset of the nation-state as the pervasive governing mechanism.
  There's no guarantee, but the trends are very strong with only slight perturbations, so to bet against it is a fools' errand. To bet on more authoritarianism, more mercantilism, and more central planning while betting against more peace, more tolerance, and more liberty is a great way to be considered a fool, in history books written far enough into the future (there are always short-term gains for such sociopathic behaviors, so don't expect the history books written tomorrow to judge yesterday's tyrant harshly).
  Historians in 3015 may judge this post harshly, but I wouldn't bet on it.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
18. Re: Warning!!! by newbie_fantod · 2015-04-10 05:16 · Score: 1
  
  I take "the right side of history" to mean the side that promoted right over wrong, as considered at some later date.
  This does assume that right and wrong exist, and that we can tell the difference between them. 100 years ago, there would have been a small minority of people on the right side of history vis-a-vi gay rights, but it would still have been the right side of history.
19. Re:Warning!!! by Altrag · 2015-04-10 05:45 · Score: 1
  
  Well I didn't read the details of how they're planning to set this up, but it seems to me that if they have any access to the private keys at all, then they're doing it wrong.
  The private keys must be generated and held privately to be secure (I think that might have something to do with the name..)
  The public key is the only part that should ever be known by or transmitted to a second party (never mind a third party or a MITM.)
20. Re: Warning!!! by Anonymous Coward · 2015-04-10 05:47 · Score: 1
  
  Historians in 3015 may judge this post harshly, but I wouldn't bet on it.
  I agree, the odds of historians in 3015 even FINDING this post are slim to none.
21. Re: Warning!!! by CrimsonAvenger · 2015-04-10 06:08 · Score: 1
  
  Doing the "right thing" is obvious to most people.
  Hmm, that sounds suspiciously like that old Judeo-Christian tradition to me. Or do you really think that, say, Buddhism holds to exactly the same standards of right/wrong as Christianity? Or Islam? Or Confucianism? Or Taoism?
  Hint: right/wrong is pretty much defined by what you were taught as a child as proper behaviour. And different people were taught different things, depending on when/where they were raised....
  
  --
  
  "I do not agree with what you say, but I will defend to the death your right to say it"
22. Re: Warning!!! by Anonymous Coward · 2015-04-10 06:28 · Score: 0
  
  Poor little kid, do you really think those agencies go about posting on an unimportant site like this? They don't need to. They don't fear you, unlike what you would love to believe. I see many of you nerds love to quote "1984" like it were some kind of bible. Well, think about the ending: Winston Smith does not become a martyr. He does not keep his "dignity" intact. He's a broken man, his spirit is gone, his soul is dead. The Party has won, has destroyed him utterly. As for the real world... Remember Aaron Swartz? Broken, frightened, destroyed. And his "challenge" to the system was minor. Now, stop being a small child and grow up: being adult means leaving childish fantasies behind and understand that the world is way bigger than you, and that there are more powerful people than you. Antagonizing them is not wise. Think about it. Think about the future. If you want to still play here, remember that "The Matrix" is just an entertaining movie, nothing more.
23. Re: Warning!!! by Altrag · 2015-04-10 06:56 · Score: 1
  
  The trouble is that the "right thing" on a large enough scale is often only defined retrospectively by those who retain power. How different would the world be if the USSR had won the cold war?
  Its easy to say "Communism is bad" when you're just parroting what you've been told for the past 50 years.. Its a lot harder to say it objectively because the only communist countries we've really known have had to operate under the yolk of the US anti-communist rampage.
  Hell, morally speaking, the greed-based capitalist philosophy is the one that should be "wrong," at least if you go by the teachings of every kindergarten teacher ever.
24. Re: Warning!!! by MrNiceguy_KS · 2015-04-10 07:02 · Score: 2
  
  Amen to this. The proper response to, "If you don't have anything to hide, what are you worried about?" is "I'm worried about what will happen if I don't hide *everything*," followed up with, "Unless you've got a good reason to be looking, mind your own damn business."
  I absolutely support the idea behind this project. I support encryption everywhere, for everyone. I don't want to live in a world where the only people who are worried about encryption are drug dealers, child porn collectors, international spies, and government folks trying to catch the first three. I don't want to live in a world where use of encryption automatically qualifies as "probable cause".
  In a sense, it's almost like a business having an email retention policy in place. There's nothing suspicious about a company with a policy in place where they automatically delete emails after a certain time period. A company that has a mass purge of old mail 3 hours after being served with a subpoena looks like they have something to hide. In the same vein, if I have an encrypted flash drive that's in the back of my freezer inside a box of fish sticks, that looks suspicious, but if I have full-disk encryption on my desktop, my laptop, and my phone, I'm just taking a wide approach of "secure by default".
  
  --
  Redundancy is good And also good.
25. Re:Warning!!! by Anonymous Coward · 2015-04-10 07:03 · Score: 0
  
  Having conversations that your government can't eavesdrop on is tantamount to terrorism.
  You have been warned.
  Do you know what kind of people think governments spying on citizens is a good thing? Countries where terrorists come from, communists, 3rd world countries, etc...
  They all agree with you and they feel that it is good their governments spy on their phone calls to protect them. Perhaps you should relocate there.
  Keep your prehistoric ideas to yourself, sir. Paranoia and mimicking terrorist thoughts don't work on smart people.
  Sure, we can't stop governments from spying on us. But at least we shouldn't claim we like it.
26. Re: Warning!!! by irrational_design · 2015-04-10 08:03 · Score: 1
  
  So "right side" refers to ethics/morals. But what about the history part? By definition history is in the past. So how do you know that what you think in the present is moral will be considered moral by historians of the future? That is what I mean by wishful thinking. Someone who uses this phrases is basically saying "I think that this action is moral/ethical and I hope that future historians agree with me so that when the future history books are written they will show that I was on the right side of history." I just think that no logical person can use the phrase "the right side of history". Though most of the people who use this phrase are politicians who are pretty much the antithesis of logical.
27. Re: Warning!!! by rthille · 2015-04-10 09:06 · Score: 1
  
  No, the "right thing" is what evolution comes up with as the heuristic for what's best for genes in the long run.
  And that's why it varies from species to species, and environment to environment.
  
  --
  Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
28. Re: Warning!!! by irrational_design · 2015-04-10 09:26 · Score: 1
  
  But how would you know that? What if gay rights had never progressed? You would have most likely would have believe at this time that people's beliefs 100 years ago were right (since they match what you currently believe is right) and therefor they were on the right side of history. This smacks of confirmation bias.
29. Re: Warning!!! by dcollins117 · 2015-04-10 10:12 · Score: 1
  
  One can't fight the State, especially not when the vast majority of the populace supports it.
  We're not fighting the State by using encryption. We're protecting out data from unauthorized access. Like good digital citizens.
30. Re: Warning!!! by OutOnARock · 2015-04-10 10:58 · Score: 1
  
  and did you exchange a walk on part in the war for a lead role in a cage....
31. Re: Warning!!! by skegg · 2015-04-10 12:14 · Score: 1
  
  Nicely written.
  I must say I agree with everything you wrote ... except the whole "getting shot in the back". My approach would be to remain in the officer's presence, but to essentially remain mute (or indicate a disinclination to answer) -- surely he can't shoot you for not speaking??? -- until / unless I have my own legal representation.
  In Australia, I believe (IANAL) that we are legally required to give our name, address and D.O.B to police if apprehended. That's it. Only a judge can compel one to speak; and then it becomes a broader issue if one chooses to disobey a judge. If a judge asks for your TrueCrypt passphrase, it's hard to know what you'd do when faced with a couple of years imprisonment.
  And I say the above as someone whose life is incredibly mundane (and very law abiding); yet I still believe in the right to privacy.
32. Re: Warning!!! by newbie_fantod · 2015-04-10 16:57 · Score: 1
  
  You realize that you just made me google confirmation bias on a Friday night? I'm sorry, don't see your point.
  I wasn't saying that I was wise enough to know who is on the right side of history, just that there is a right side on every issue, and what is right doesn't change regardless of how many people agree with it at any given time
33. Re: Warning!!! by irrational_design · 2015-04-10 17:37 · Score: 1
  
  How do you know what is right? 100 years ago people would have said that they were on the right side of history when they excluded gays. Now we look back and say that they were mistaken. But perhaps in 100 years our descendents will look back at us and say that we were mistaken to think that we were on the right side of history. We like to think that we are on the right side of history, just as our ancestors did. But we might be just as mistaken as they were. So claiming that we are on the right side of history seems disingenous at best.
34. Re: Warning!!! by Anonymous Coward · 2015-04-11 07:09 · Score: 0
  
  I'd rather die standing as a free man than to live on my fucking knees.
RTEM by Defenestrar · 2015-04-10 03:28 · Score: 4, Funny

Encrypt everything! Bummer about the decryption man pages...
Unintended Consequences ? by garyebickford · 2015-04-10 03:31 · Score: 1

I can see that one unintended consequence might be an increase in using encryption to obfuscate applications for commercial / anticompetitive reasons, as well as illegal reasons.

--
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
1. Re:Unintended Consequences ? by Virtucon · 2015-04-10 03:36 · Score: 2
  
  there's nothing prohibiting that now.
  
  --
  Harrison's Postulate - "For every action there is an equal and opposite criticism"
2. Re:Unintended Consequences ? by Anonymous Coward · 2015-04-10 03:36 · Score: 0
  
  If someone has a need to use encryption to obfuscate applications for commercial / anticompetitive reasons, as well as illegal reason they will do so. Regardless if this catches on or not.
3. Re:Unintended Consequences ? by nine-times · 2015-04-10 03:42 · Score: 3, Insightful
  
  That's already happening. DRM, for example, has always been partially for commercial reasons (preventing privacy), and largely for anti-competitive reasons (preventing interoperability and forcing people to repurchase the same content repeatedly).
  Encryption is being used for almost every purpose except the good ones. We could use encryption to protect privacy and prevent identity theft, but I guess we can't do that because it might prevent the NSA from snooping on your dick pics.
More of the same by WaffleMonster · 2015-04-10 03:35 · Score: 2

Certs don't work, never have. Aggregating so much power and responsibility into the hands of CAs is just as foolish as key escrows run by governments and organized crime. Something will always go wrong there will always be too much incentive locked up in ensuring that it does. The more successful and useful a "simple" solution for everyone becomes the more incentive exists to coopt it.
The answer is not doubling down on these things and "encrypting" just because you can or just because its easy.
Most systems worth securing already require you to provide a password to login. If you want to improve the status quo and really make a difference then get browser vendors to natively support secure logins via TLS-SRP and relegate free certs to the margins for service discovery and account setup where there is no other practical means of establishing trust.
1. Re:More of the same by Virtucon · 2015-04-10 03:45 · Score: 2
  
  I agree with the trust issue on certs however encrypting doesn't mean that I have to use a trust based model if it's for personal uses or for close proximity use, such as within a family or business environment. The issues are much larger in terms of protecting data whether it's stored or in transit across insecure networks. As a start I'd like to see the CA system revamped or replaced with multiple trust authorities, not just one chain and have meaningful teeth to eliminate trust associations with authorities who violate trust which seems to be more rampant and obvious as of late.
  
  --
  Harrison's Postulate - "For every action there is an equal and opposite criticism"
2. Re:More of the same by Meneth · 2015-04-10 04:04 · Score: 1
  
  Yep.
  Certificate validation is a defense against Man-in-the-Middle attacks. But the "Let's Encrypt" system is vulnerable to a MitM attack between its server and the server that would request the proper certificate.
  It can thus be fooled into issuing false certificates by the very people those certificates should defend against.
3. Re:More of the same by jbmartin6 · 2015-04-10 04:25 · Score: 2
  
  A CA isn't required at all to encrypt, just accept any self-signed certificate. If we want to introduce CAs or other method of identity verification, that may be fine but it is a different problem from encryption. We are seeing bits of this with the various opportunistic encryption extensions to SMTP and HTTP.
  
  --
  This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
4. Re:More of the same by Anonymous Coward · 2015-04-10 04:26 · Score: 0
  
  Also need a way to warn users of MITM attacks. It's common on school and corporate networks to have every machine with the organization's key installed as a trusted authority so they can MITM everything. That's their right on their own network, but applications should make users aware that it's happening. If I wasn't savvy I'd have no idea that every person in our 1,500-strong IT department had access to my online banking credentials. That's not right no matter whose network it is.
5. Re:More of the same by WaffleMonster · 2015-04-10 04:35 · Score: 1
  
  I agree with the trust issue on certs however encrypting doesn't mean that I have to use a trust based model if it's for personal uses or for close proximity use, such as within a family or business environment.
  Maybe I don't understand what your trying to say but there is no point at all in encrypting without trust. If your saying you would rather use a local CA for internal business or family use this is an excellent idea.
  
  As a start I'd like to see the CA system revamped or replaced with multiple trust authorities, not just one chain and have meaningful teeth to eliminate trust associations with authorities who violate trust which seems to be more rampant and obvious as of late.
  This isn't ever going to happen unless trust anchors are deterministically derivable from DNS names implying little to no choice in your selection of a trust anchor.
  Names is all that you can use because it is all people are willing to accept. Nobody is willing to go to google.com and manually enter or have to confirm use of the proper registry nor does relying on some coordinating structure do anything other than recreate the same problems in a different form.
6. Re:More of the same by Anonymous Coward · 2015-04-10 04:46 · Score: 0
  
  Until the TLA's and hardware providers (e.g. Cisco) get kicked back into their legally required boxes (yea, I know it will never happen, needs real whistle blower laws that are written to supersede all laws, published and secret, so...), I fear that any such system is vulnerable to the permanent MITM that the TLA's already have.
  We need to generate a large number of sets of high bit initial cryp70 offline, sneaker net it over, and periodically update it with switch overs at pre4rr4nged p5eud0 r4nd0m times. Maybe do this every 3 years when the list runs out and stronger encryption key lengths are needed anyway.
7. Re:More of the same by WaffleMonster · 2015-04-10 04:53 · Score: 1
  
  A CA isn't required at all to encrypt, just accept any self-signed certificate. If we want to introduce CAs or other method of identity verification, that may be fine but it is a different problem from encryption.
  When real people in the real world hear the word "encrypted" the word they actually hear is "secured" ... encryption without trust is a dangerously nonsensical illusion.
  
  We are seeing bits of this with the various opportunistic encryption extensions to SMTP and HTTP.
  What is the point? This does not stop the NSA
  from using QUANTUM INSERT and there is a very good chance anyone able to easedrop on wire has the means to spoof a few packets and coopt TCP sessions... so what does doing this buy you other than confusing people with doublespeak nobody understands?
8. Re:More of the same by Virtucon · 2015-04-10 05:26 · Score: 2
  
  Maybe I don't understand what your trying to say but there is no point at all in encrypting without trust. If your saying you would rather use a local CA for internal business or family use this is an excellent idea.
  Trust is at an arms length, so locally administered CAs make sense for these purposes. Trust works when all parties are trustworthy and it breaks down when you trust that deadbeat cousin Lin who still owes you money for that pizza from 5 years ago. At that point you should be able to prune cousin Lin from your XMAS card list. You can't however because then you're immediate family won't allow it. Apple not removing the Chinese CA for example.
  
  This isn't ever going to happen unless trust anchors are deterministically derivable from DNS names implying little to no choice in your selection of a trust anchor.
  Names is all that you can use because it is all people are willing to accept. Nobody is willing to go to google.com and manually enter or have to confirm use of the proper registry nor does relying on some coordinating structure do anything other than recreate the same problems in a different form.
  Well DNS is one mechanism but there can be others. I do think that the hierarchy of CA trust needs to be thrown out and it needs to give local control to who you trust and why. that means more responsibility from users but at least you can have some level of control.
  
  --
  Harrison's Postulate - "For every action there is an equal and opposite criticism"
9. Re:More of the same by Bengie · 2015-04-10 08:47 · Score: 1
  
  Self signed defeats the purpose of stopping a MITM. Yes, you do raise the bar because now the data cannot be passively viewed, but it's trivial to actively view it.
10. Re:More of the same by Bengie · 2015-04-10 09:13 · Score: 1
  
  Configuring trust needs to be turn key simple, works out of the box, and even grandma can do it. Brand-new OS install, I should be able to hit www.mybank.com and trust that it really is www.mybank.com and not some random person doing a MITM.
11. Re:More of the same by Virtucon · 2015-04-10 09:55 · Score: 1
  
  well the problem is that grandma could be doing banking in China if a rogue CA issues a certificate that masques fraudulent activities.
  
  --
  Harrison's Postulate - "For every action there is an equal and opposite criticism"
12. Re:More of the same by Anonymous Coward · 2015-04-10 11:13 · Score: 0
  
  What is the point? This does not stop the NSA...
  That's like saying "Whats the point of locking your front door? It wont stop an ICBM."
  You cannot stop the NSA. The level of resources available to the National Security Agency of the United States of America is on a scale beyond anything you can prevail against.
  Fortunately, the NSA really doesn't give a shit about you. You are not even collateral damage to the NSA. You are inconsequential, a statistical anomaly at best. Unless you are someone they are interested in...
  So don't worry about stopping the NSA, stop the script kiddies, stop the kook next door, stop the 99.999% you can stop.
Dear sir by Anonymous Coward · 2015-04-10 03:37 · Score: 0

Stay where you are. The authorities have been contacted. Assitance is coming.
Journalists being wrong again. by Anonymous Coward · 2015-04-10 03:45 · Score: 2, Funny

ITbusinessweek is wrong: The linix foundation neither started or initiated this project, it only took over its hosting. The press release of the foundation clearly states this.
Re:Linux only, as usual. by tshawkins · 2015-04-10 04:01 · Score: 1

Its ok for us linux nerds
Seriously, this is all about low barriers of access to SSL certs for webservers, the vast majority of which are either linux or other ix based. Client systems general dont need these certs, so they are not relevant. They just need a suitable root CA Cert.
cryptobracelet by Thagg · 2015-04-10 04:05 · Score: 1

At some point, and my guess is pretty darn soon, reasonable people are going to have a very secure cryptobracelet that they never take off, or if you take it off it will never work again.
The bracelet would work like the NFC chip in current phones, it would create unique identifiers for each transaction, so you can be verified that you are who you are without ever broadcasting your identity.
Then, all email and every other communication can easily be encrypted, securely, and without adding complication. You won't have to worry about remembering a hundred passwords, or about what happens when the store you bought things from is hacked, or that a library of 100 millions passwords will find yours.
I grant that some will protest that this is not natural (I don't want to wear something on my wrist!) but people do a hundred other unnatural things every day (brush their teeth, use deodorant, wear glasses, live longer than fifty years...) The benefits will be enormous, the changes minimal, and this will be led, I believe, by thought leaders.

--
I love Mondays. On a Monday, anything is possible.
1. Re:cryptobracelet by Anonymous Coward · 2015-04-10 04:19 · Score: 0
  
  Create a kickstarter or similar. I want one.
2. Re:cryptobracelet by stdarg · 2015-04-10 04:36 · Score: 2
  
  The bracelet would work like the NFC chip in current phones
  What's the benefit of making it a bracelet rather than a phone app? The phone already has the NFC chip you want.
  
  Then, all email and every other communication can easily be encrypted, securely, and without adding complication.
  How do you get the unique identifier from your bracelet to your PC? My PC doesn't have an NFC reader. If it did, again, I'd rather have it tie to my phone than a bracelet. You know what would be cool? A wireless charging pad with the NFC interface, so that you set your phone next to your computer on your desk, and all password requests from the PC are handled by the phone while it's physically there.
3. Re:cryptobracelet by Coren22 · 2015-04-10 04:49 · Score: 1
  
  https://www.google.com/search?...
  They exist in much better form factor. My watch annoys me enough that I take it off quite often, why would I want a bracelet I can't take off?
  
  --
  APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
4. Re:cryptobracelet by Thagg · 2015-04-10 05:19 · Score: 1
  
  The problem with phones is that you can lose them or break them or have them stolen. I agree that it's a good place to start, though.
  I believe that the RFID tag that Coren22 suggests don't have, and can't have, the processing power required to do this right. You don't want to say "Yes, I'm 132132123123", that would be *way* too easy to fake. You want to have a back-and-forth communication that shows that you are who you are, without giving away your ID.
  I think the bracelet would become a status symbol -- the status being "yeah, I care about security." I'm actually not kidding.
  
  --
  I love Mondays. On a Monday, anything is possible.
5. Re:cryptobracelet by Coren22 · 2015-04-10 05:50 · Score: 1
  
  It gives an idea of what is possible, now to see if someone can put something with a little processing power into a like form factor.
  
  --
  APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
6. Re:cryptobracelet by vux984 · 2015-04-10 06:49 · Score: 1
  
  The problem with phones is that you can lose them or break them or have them stolen. I agree that it's a good place to start, though.
  How is that "not a problem" with a bracelet? Perhaps the bracelets are slightly less likely to be lost or stolen. Then again, I've found a lot more lost bracelets in the last 10 years than lost phones... and if they are valuable for identity theft, stealing them might well become a real thing.
7. Re:cryptobracelet by fph+il+quozientatore · 2015-04-10 07:11 · Score: 2
  
  What's the benefit of making it a bracelet rather than a phone app? The phone already has the NFC chip you want.
  Phones can get hacked. And most people are already storing passwords on their phones. What use is two-factor authentication if a malicious app can steal both factors at the same time?
  
  --
  My first program:
  Hell Segmentation fault
8. Re:cryptobracelet by jeff4747 · 2015-04-10 09:04 · Score: 1
  
  Yeah, that's a terrible idea.
  First, it's wireless, so I can "grab" your identity when you walk by. That'll be handy. It's even going to be strapped to a similar body part, so I can know exactly where to "accidentally" bump into you if it requires pushing a button to activate.
  Second, you are transmitting the code through the purchase system. That's very handy, because I can just capture the code via your compromised PC.
  "Two-factor" authentication systems work because the data does not flow through a single system. If my credit company texts me a one-time PIN to approve a purchase, you have to intercept both the purchase and the text message. The text message also lets me verify the purchase (Hey, the cash register says $23, but the text message says $475).
  Third, it's a surveillance state dream come true.
  You then bring up thought leaders, demonstrating that this is either sarcasm or massive stupidity.
9. Re:cryptobracelet by Thagg · 2015-04-10 09:50 · Score: 2
  
  We'll see.
  It's absolutely wrong that I am proposing a 'stealable' ID. No, it's not that at all. Like NFC (ApplePay and others) you don't send out your ID, your bracelet will engage in a two-way conversation that uses generates unique identifiers every time that prove that it's you without giving the system communicating with you the ability to impersonate you. It's not hard at all; we should have been doing this years ago. This is described in Bruce Schneier's Applied Cryptography twenty-fucking-years ago. Chapter 21(Identification Schemes) describes "zero-knowledge proof of identity". Curiously, researchers Feige, Fiat, and Shamir submitted a patent application in 1986 for this, but the Patent Office responded "the disclosure or publication of the subject matter ... would be detrimental to the national security..." The authors were ordered to notify all Americans to whom the research had been disclosed that unauthorized disclosure could lead to two years' imprisonment, a $10,000 fine, or both. Somewhat hilarious, as the work was all done at Weizmann Institute in Israel.
  That said, I do think that groups like the NSA and FBI have been quite successful in keeping people (like Jeff4747) remarkably uneducated. Banks, credit card companies, and groups like Google that make gigabucks tracking people have held back from doing things right as well -- and they're paying for it today.
  To say again. It is easy to build a system that would securely verify that you have authority to do something, without giving the ability for somebody else to impersonate you. It's somewhat more challenging than printing number in plastic on a credit card, but only a tiny bit more challenging.
  This will happen. Once it does people will wonder why it took so long.
  
  --
  I love Mondays. On a Monday, anything is possible.
10. Re:cryptobracelet by stdarg · 2015-04-10 17:41 · Score: 1
  
  Phones can get hacked... so? People are already starting to use phones as payment devices with credit card and banking information stored on the phone (e.g. Google Wallet, Apple Pay). They've long used mobile banking apps where you input your username/password. That ship has sailed... phones contain sensitive information.
  Anyway what's to say a bracelet with an NFC chip can't be compromised?
11. Re:cryptobracelet by jeff4747 · 2015-04-11 12:26 · Score: 1
  
  It's absolutely wrong that I am proposing a 'stealable' ID.
  And I didn't say you were proposing a 'stealable' ID. I said I can read the code remotely. Which lets me charge you $20, just as if you were making a purchase.
  See, your proposal failed to include any sort of verification by the bracelet-wearer that they wanted to make the purchase, or even verify the purchase amount.
  Even if you do require something like a button press, standard location and equipment means I can push the button on your bracelet by "accidentally" bumping into you.
  In other words, your proposal makes a modern version of "pickpocketing" not only possible, but extremely easy to do.
  
  That said, I do think that groups like the NSA and FBI have been quite successful in keeping people (like Jeff4747) remarkably uneducated.
  That's extremely amusing since you managed to completely fail to understand the problems I pointed out. You leapt to ID theft when I was talking about stealing plain-old money.
  But good job pontificating with maximum hypocrisy.
12. Re:cryptobracelet by jeff4747 · 2015-04-11 12:30 · Score: 1
  
  Oh, you also neglected to pay attention to how your proposal enables man-in-the-middle attacks. Again, you lack any verification by the user. All the bracelet knows is that they were presented with a valid signature. I'm making a purchase in Wal-Mart, but your plan doesn't actually verify it's Wal-Mart's certificate.
looking at their alignment by Anonymous Coward · 2015-04-10 04:08 · Score: 0

Akamai, Cisco, EFF, Mozilla, IdenTrust, and Automattic
akamai is fairly neutral, aspiring to be evil someday, no? cisco lawful evil, EFF lawful good, mozilla is google... lawful/somewhat chaotic evil as well.
who the heck are IdunTrust and Automattic...
http://en.wikipedia.org/wiki/Identrust //hah
apparently automattic are behind wordpress... neutral to me..
1 good, 2 neutrals, 3 evil players...
this gonna end well.
Re:Linux only, as usual. by qbast · 2015-04-10 04:09 · Score: 1

Maybe you should try one of countless apple fanboi sites.
Re:Linux only, as usual. by 93+Escort+Wagon · 2015-04-10 04:13 · Score: 3, Informative

This is specifically about making it easy to offer an encrypted web site - so "Linux only" will mean it's available for the majority of websites in the world.
Unfortunately there seems to be a huge disconnect between what the Slashdot summary and linked article claims and what the actual Linux Foundation web page states is the goal (making encrypted websites easy to deploy). This is a much less ambitious project than the submitter thinks it is.

--
#DeleteChrome
In UK you can go to prison for encryption by Anonymous Coward · 2015-04-10 04:25 · Score: 0

In UK encryption does not help you at all. If you will not hand out the keys you are going to 2 years in prison.
1. Re:In UK you can go to prison for encryption by Coren22 · 2015-04-10 04:52 · Score: 1
  
  Last I checked, UK is a democracy, you voted them into power, you chose your fate.
  If it were the US, I would say start a letter writing campaign, but I don't know exactly how the UK system works.
  
  --
  APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
2. Re:In UK you can go to prison for encryption by Phreakiture · 2015-04-10 05:05 · Score: 2
  
  You need to use a deniable encryption system for this, then. Rubberhose comes immediately to mind, but it is no longer maintained.
  Essentially, what it does is enable you to store several file systems in the same disk volume, which will have had its contents randomized in the formatting process. What blocks of the disk are used for each file system is not known until the key is provided. For that matter -- and this is the deniable part -- what file systems even exist is not knowable without having all of the keys.
  So, they ask for a key, you give them one. They ask you for "the rest of the keys" you give them a few more, but there is no way to prove, one way or the other, that all of the keys have or have not been provided.
  
  --
  www.wavefront-av.com
3. Re:In UK you can go to prison for encryption by Anonymous Coward · 2015-04-10 05:07 · Score: 0
  
  The trick is to never be a suspect. Most people never are; it's not that hard.
4. Re:In UK you can go to prison for encryption by Coren22 · 2015-04-10 05:16 · Score: 1
  
  I know this may be ancient history to you, but it really wasn't that long ago.
  http://www.ushmm.org/wlc/en/ar...
  You should always fight expansion of powers as they can be used by bad actors just as easily as good actors.
  
  --
  APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Re:Linux only, as usual. by Anonymous Coward · 2015-04-10 04:39 · Score: 0

You have been trolled. Boy, it's easy to jerk you guys' chains.
Re:Linux only, as usual. by Coren22 · 2015-04-10 04:47 · Score: 1

Yeah, let me know when OS X runs on server hardware and we can talk about encrypting web sites being hosted on OS X.

--
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Re:Behind... by tshawkins · 2015-04-10 04:52 · Score: 1

Back under your bridge troll........
Only web servers? by Dr.Dubious+DDQ · 2015-04-10 05:15 · Score: 1

Or at least, "software running on web servers"?
Is it merely the case that any server (email, XMPP, murmur, etc.) you want to get a "valid" certificate for has to also have a webserver running on it to use this system, or is it literally only intended for "web servers"?

--
Hacker Public Radio is our Friend
1. Re:Only web servers? by tshawkins · 2015-04-10 05:41 · Score: 1
  
  I suspect its for anywhere you want to provide TLS protected connections, SSL on webservers is just the biggest use case, so its going to get the attention initialy, but i dont see any reason why agents cant be built to handle the maintenance and signup protocol on other transports than http. SSL and HTTP are not co dependant.
  Its also going to be a big help in the migration to HTTP 2.0, which mandates SSL. I have a bunch of domains that i would like to move to HTTP 2.0 once it settles down, but im not up to paying $30-40 a pop for a cert.
  Im hoping that they will roll HTTP 2.0 migration into thier easy setup software.
2. Re:Only web servers? by Anonymous Coward · 2015-04-10 06:25 · Score: 0
  
  You can look into free providers for certs like startssl.com - I use them and they are pretty cooperative. I wouldn't say it's that easy... but not that difficult either.
3. Re:Only web servers? by Anonymous Coward · 2015-04-10 13:40 · Score: 0
  
  The current draft of the Lets Encrypt protocol mandates the client either have control over the DNS zone or over port 443 and support HTTPS. Creating a client to automate use of Lets Encrypt for other protocols may be messy as a result as it may need to modify software which controls DNS or HTTPS on 443 or may not have access to do either of the requirements.
Linux foundation using MS Word?!? by dotancohen · 2015-04-10 05:38 · Score: 1

The draft of the "Let's Encrypt" Certificate Policy is available in PDF here: https://letsencrypt.org/ISRG-C... Note that the PDF document's title is "Microsoft Word". I find that rather unusual for the Linux Foundation! Wasn't LibreOffice or some other Linux-available office suite good enough to write that document? I'm surprised that they are using a Windows desktop for everyday tasks such as document editing.

--
It is dangerous to be right when the government is wrong.
1. Re:Linux foundation using MS Word?!? by CronoCloud · 2015-04-10 06:37 · Score: 2
  
  I'm surprised that they are using a Windows desktop for everyday tasks such as document editing.
  They're not, check the PDFinfo:
  [CronoCloud ~]$ pdfinfo ISRG-CP-Feb-18-2015-DRAFT.pdf Title: Microsoft Word - ISRG CP_ Draft 2_Clean_Draft_with_Revisions_2015-01-21.docx Keywords: Creator: Word Producer: Mac OS X 10.10.2 Quartz PDFContext
  They're using Word on OSX.
2. Re:Linux foundation using MS Word?!? by dotancohen · 2015-04-10 07:37 · Score: 1
  
  That is a bit reassuring. Still, one would expect that of all places, the Linux Foundation would be on a KDE desktop using LibreOffice.
  
  --
  It is dangerous to be right when the government is wrong.
3. Re:Linux foundation using MS Word?!? by CronoCloud · 2015-04-10 07:53 · Score: 1
  
  Well, yes, but as was once said to me. The "creatives" who design/create what is essentially a press release like this tend to be running OSX.
  Another example is Linux Voice, the crowdfunded magazine. Their PDF's are done with Adobe Indesign on OSX.
  Because...:
  http://linux.slashdot.org/comm...
4. Re:Linux foundation using MS Word?!? by dotancohen · 2015-04-10 21:53 · Score: 1
  
  Thank you, that does explain a lot. We're a Linux shop as well, but our two graphics designers are both using the Adobe Suite on Windows.
  
  --
  It is dangerous to be right when the government is wrong.
Kind of ironic by Anonymous Coward · 2015-04-10 05:42 · Score: 0

Most Linux distros do not encrypt the connection between the package manager and server. You would think the Linux Foundation would start on one of the core parts of a Linux operating system before trying to encrypt everyone else's communications.
1. Re:Kind of ironic by tshawkins · 2015-04-10 05:53 · Score: 2
  
  They dont need to, the packages are signed, they are not trying to keep the contents of the packages secret, or hide thier contents during transfer, they are only trying to ensure that they are distributed unmodified. To perform a MITM attack on the packages pulled down from a repo, you would need the private signing keys To creat new packages.
  Looking through most of the .repo files in /etc/yum.repos.d on my fedora install, all the dl links are already https.
  I suspect that ubuntu is the same.
  Its probaly full of holes, i dont think i have seen a decent, analysis of the package managers from a security standpoint, but they seem to have most of the basics.
  I dont know if the private keys are distributed to the packagers, if they are then that could be an issue.
2. Re:Kind of ironic by ledow · 2015-04-10 06:05 · Score: 2
  
  Why does it need to be secret?
  All you need is an integrity check, and the packages are all signed with the key which is included in the initial distro image (which is itself signed, available over HTTPS and has publicly published checksums).
  Encryption is not necessary here. To believe it is is to completely misunderstand the purpose of encryption.
3. Re:Kind of ironic by Anonymous Coward · 2015-04-10 07:54 · Score: 0
  
  It provides potential metadata which would otherwise be unavailable to those who intercept your communications.
  Transmitting the names and version numbers of all your installed software in plaintext across the internet could be used against you even if a MiTM were not possible.
  Also not all distros sign their packages. PCLinuxOS pretty much does not sign any of them. I pointed out reasons for signing and was told by the distro's creator it was FUD and that only md5sums are needed, and that they will continue to not sign their packages or use encryption with the server. Kind of makes me wonder how many other distros have a similarly unconcerned approach to security, but there seems to be no comparison of how distros differ on this anywhere that I could find. The EFF points out that both Microsoft and Apple encrypt these connections while at the very least Mint, Ubuntu and PCLOS do not, which seems odd to me as well.
4. Re:Kind of ironic by Anonymous Coward · 2015-04-10 08:03 · Score: 0
  
  Ubuntu does not use https, nor does Mint, PCLOS, Kubuntu, or Debian. Probably many more.
  And most of PCLOS's packages are not signed, probably several other distros are similar. They are still protected by an md5sum but any MITM attack capable of modifying the package could also modify the md5sum list since it too is sent plaintext.
TOFU + Perspectives by tepples · 2015-04-10 09:16 · Score: 1

A self-signed certificate makes two guarantees. First, if the public key you see is the same public key you saw the first time you connected to that host, then a MITM probably hasn't been introduced since your first connection. SSH uses this "key continuity management" (KCM) or "trust on first use" (TOFU) model, as did OS X prior to the introduction of Gatekeeper. Granted, the MITM can harm the first connection to a given host.
But the second guarantee even in the face of day-one MITM is route diversity. The Perspectives extension uses notary servers to act as consensus CAs. This ensures that the public key you're seeing is the same public key everyone else sees for that hostname, which means that if there is a MITM, it's between the server and its only connection to the Internet (the "Lserver" attack in the Usenix 08 paper describing Perspectives).
So the biggest difference between a self-signed certificate and a domain-validated certificate is that the latter prevents an Lserver attack on your first connection.
Yosemite Server for $19.99 by tepples · 2015-04-10 09:22 · Score: 1

Yeah, let me know when OS X runs on server hardware
It took me about five seconds to search the web for os x server, which pointed me to Yosemite Server for $19.99. If you're insinuating that a Mac mini is not "server hardware", I'd be interested in your reasoning.
1. Re: Yosemite Server for $19.99 by Anonymous Coward · 2015-04-10 23:06 · Score: 0
  
  Does it have a redundant power supply and ECC memory? If so then sure!
2. Re:Yosemite Server for $19.99 by Anonymous Coward · 2015-04-11 14:24 · Score: 0
  
  LOL, don't bother arguing with these morons. OS X is infinitely faster, stabler, and has better performance across the board than Linux, but you will never hear anyone admit it on slasdot where "news for nerds" apparently only includes shitty hobby OS's.
Four lines of code to serve HTTPS by tepples · 2015-04-10 09:36 · Score: 1

It takes literally four lines of code to bring up HTTPS on a Python 2 server.

import BaseHTTPServer, SimpleHTTPServer, ssl httpd = BaseHTTPServer.HTTPServer(('localhost', 4443), SimpleHTTPServer.SimpleHTTPRequestHandler) httpd.socket = ssl.wrap_socket (httpd.socket, certfile='path/to/localhost.pem', server_side=True) httpd.serve_forever()

So if you plan to use your TLS server only for inner protocols other than HTTP, I imagine someone will probably adapt Let's Encrypt to bring up a temporary HTTPS server when obtaining or renewing a certificate.
Old News by Anonymous Coward · 2015-04-10 18:51 · Score: 0

Let's Encrypt launched last November - the article is simply wrong. The new announcement is that the Linux Foundation is hosting it. Helps to actually read the press releases you base your articles on, eh? :-)
Confused by harryjohnston · 2015-04-10 20:48 · Score: 1

The writer seems to me to be confused between encryption of web traffic and encryption of data in general.
AFAIK, Let's Encrypt is all about making https universal. It has nothing to do with encypting application data.
Other AC has a point about ECC RAM by tepples · 2015-04-12 03:11 · Score: 1

Anonymous Coward wrote:

OS X is infinitely faster
"Infinitely"? I'll assume that was hyperbole.

stabler
Even in the face of electromagnetic noise flipping bits in your RAM? Unlike Linux, OS X is intended to run exclusively on Mac hardware. And this comment insinuates that Macs don't support high-reliability RAM or power supplies.