'Let's Encrypt' Project Strives To Make Encryption Simple

jones_supa writes: As part of an effort to make encryption a standard component of every application, the Linux Foundation has launched the Let's Encrypt project (announcement) and stated its intention to provide access to a free certificate management service. Jim Zemlin, executive director for the Linux Foundation, says the goal for the project is nothing less than universal adoption of encryption to disrupt a multi-billion dollar hacker economy. While there may never be such a thing as perfect security, Zemlin says it's just too easy to steal data that is not encrypted. In its current form, encryption is difficult to implement and a lot of cost and overhead is associated with managing encryption keys. Zemlin claims the Let's Encrypt project will reduce the effort it takes to encrypt data in an application down to two simple commands. The project is being hosted by the Linux Foundation, but the actual project is being managed by the Internet Security Research Group. This work is sponsored by Akamai, Cisco, EFF, Mozilla, IdenTrust, and Automattic, which all are Linux Foundation patrons. Visit Let's Encrypt official website to get involved.

Warning!!!

[bazmail]

Having conversations that your government can't eavesdrop on is tantamount to terrorism.

You have been warned.

Re: Warning!!!

This. A thousand times over. You may not like it, I sure as hell don't like it, but we live in the Surveillance Age now and will probably be for the rest of our lives. While it may appear noble and idealistic to want to oppose it, it's also foolish if not downright suicidal. One can't fight the State, especially not when the vast majority of the populace supports it. It's best to choose one's battle and to know when you're beaten. We're beaten. Privacy is dead. It's not coming back. Move on.

Re: Warning!!!

[clonehappy]

Cowards like you have never changed the world. Sad, really. Not that I think I'm going to, or anything, but for fuck's sake man stop being a pussy! If we're so beaten, and privacy's so dead, then what the fuck have we to lose by figthing for what's right?

I'd rather be suicidal and on the right side of history than get to live a meek, shallow little existence cowering in my hole waiting to die, afraid to say the wrong thing or think the wrong ideas. Sure, someone may eventually kill me or persecute me because I believe in freedom and liberty and privacy, but they won't be taking away my dignity. I've done nothing wrong, and I have the right to think and say what I want (as do you). I, for one, will be exercising those rights until I'm six feet under.

Being cowards and letting everyone roll over on us is how we got in this mess in the first place. It's not too late to take ownership of your historical defeatism and try to affect change.

Re: Warning!!!

[pla]

we live in the Surveillance Age now and will probably be for the rest of our lives.

Probably true - But I'll still use encryption for my private files and communications. I'll still refrain from screaming what I had for breakfast into the ether. I'll still make up random information when registering for any service that doesn't need real info to perform its core function. I'll still "fuzz" personal details when relevant to discussions on sites such as Slashdot. I'll still bait telemarketers even though they probably know more about me than I do. And, I'll still make Officer Twitchy get a warrant to search my phone, even if it means I get shot in the back trying to peacefully walk away.

Accepting the reality of something doesn't mean you should just give up - We all unavoidably die, why don't we all just commit suicide now and save ourselves the hassle of wasting all that time working and sleeping and exercising-so-we-can-live-longer and such? Sometimes, "accepting" something means "fight harder anyway".

Re:Warning!!!

[lq_x_pl]

This is one reason why Steganography is so powerful. A heavily-encrypted communication stream just screams "HEY LOOK! I'M NOT LETTING YOU PEEK AT MY STUFF." Information protected in plain sight (hidden in something innocuous), does much less screaming.

Re:Warning!!!

Yes but if everybody has access to simple to use encryption that stigma goes away, when encrypted traffic is the norm rather than the exception then Its use is not a red flag. Mass adoption is in itself protection.

Re:Warning!!!

[qbast]

Don't worry, all the founders of 'lets encrypt' are entities based in USA, so you can bet private keys of each issued certificate will be delivered to appropriate authorities.

Re:Warning!!!

[bazmail]

lol. Thats exactly what I thought when I saw the logos on the right hand side.

Cisco: hey guys whatcha doin. listening to music huh? Yeah I love me some hippedy-hop music.

Re: Warning!!!

[bill_mcgonigle]

"on the right side of history" This phrase has always confused me. Unless you are a prophet or time traveler, how do you know you are on the "right side" of history until a significant enough time has passed?

Look at long-term trends.

Two thousand years ago personal freedom was rare and people were the per se property of their Sovereign. Warring was common, dueling was how arguments were settled, and people drowned their extra babies. Human life had fairly little social value and everything was controlled by the whims of the Gods, regardless.

In the more advanced civilizations today, people can do pretty much whatever they want in terms of personal liberty, and there's a bunch of obfuscation to disguise the fact that they're still owned by their Sovereign (because they wouldn't accept it consciously). Cooperation is markedly increased, resulting in the march of technology.

The safe bet is for the trend-lines to continue towards more tolerance, more personal freedom, more blessings of enhanced communications and technology, and a sunset of the nation-state as the pervasive governing mechanism.

There's no guarantee, but the trends are very strong with only slight perturbations, so to bet against it is a fools' errand. To bet on more authoritarianism, more mercantilism, and more central planning while betting against more peace, more tolerance, and more liberty is a great way to be considered a fool, in history books written far enough into the future (there are always short-term gains for such sociopathic behaviors, so don't expect the history books written tomorrow to judge yesterday's tyrant harshly).

Historians in 3015 may judge this post harshly, but I wouldn't bet on it.

Re: Warning!!!

[MrNiceguy_KS]

Amen to this. The proper response to, "If you don't have anything to hide, what are you worried about?" is "I'm worried about what will happen if I don't hide *everything*," followed up with, "Unless you've got a good reason to be looking, mind your own damn business."

I absolutely support the idea behind this project. I support encryption everywhere, for everyone. I don't want to live in a world where the only people who are worried about encryption are drug dealers, child porn collectors, international spies, and government folks trying to catch the first three. I don't want to live in a world where use of encryption automatically qualifies as "probable cause".

In a sense, it's almost like a business having an email retention policy in place. There's nothing suspicious about a company with a policy in place where they automatically delete emails after a certain time period. A company that has a mass purge of old mail 3 hours after being served with a subpoena looks like they have something to hide. In the same vein, if I have an encrypted flash drive that's in the back of my freezer inside a box of fish sticks, that looks suspicious, but if I have full-disk encryption on my desktop, my laptop, and my phone, I'm just taking a wide approach of "secure by default".

Re:Encryption done right isn't simple...

[bazmail]

Making it simple will go a long way to avoiding PEBCAK problems. Simpler processes give less opportunity for human error.

RTEM

[Defenestrar]

Encrypt everything! Bummer about the decryption man pages...

More of the same

[WaffleMonster]

Certs don't work, never have. Aggregating so much power and responsibility into the hands of CAs is just as foolish as key escrows run by governments and organized crime. Something will always go wrong there will always be too much incentive locked up in ensuring that it does. The more successful and useful a "simple" solution for everyone becomes the more incentive exists to coopt it.

The answer is not doubling down on these things and "encrypting" just because you can or just because its easy.

Most systems worth securing already require you to provide a password to login. If you want to improve the status quo and really make a difference then get browser vendors to natively support secure logins via TLS-SRP and relegate free certs to the margins for service discovery and account setup where there is no other practical means of establishing trust.

Re:More of the same

[Virtucon]

I agree with the trust issue on certs however encrypting doesn't mean that I have to use a trust based model if it's for personal uses or for close proximity use, such as within a family or business environment. The issues are much larger in terms of protecting data whether it's stored or in transit across insecure networks. As a start I'd like to see the CA system revamped or replaced with multiple trust authorities, not just one chain and have meaningful teeth to eliminate trust associations with authorities who violate trust which seems to be more rampant and obvious as of late.

Re:More of the same

[jbmartin6]

A CA isn't required at all to encrypt, just accept any self-signed certificate. If we want to introduce CAs or other method of identity verification, that may be fine but it is a different problem from encryption. We are seeing bits of this with the various opportunistic encryption extensions to SMTP and HTTP.

Re:More of the same

[Virtucon]

Maybe I don't understand what your trying to say but there is no point at all in encrypting without trust. If your saying you would rather use a local CA for internal business or family use this is an excellent idea.

Trust is at an arms length, so locally administered CAs make sense for these purposes. Trust works when all parties are trustworthy and it breaks down when you trust that deadbeat cousin Lin who still owes you money for that pizza from 5 years ago. At that point you should be able to prune cousin Lin from your XMAS card list. You can't however because then you're immediate family won't allow it. Apple not removing the Chinese CA for example.

This isn't ever going to happen unless trust anchors are deterministically derivable from DNS names implying little to no choice in your selection of a trust anchor.

Names is all that you can use because it is all people are willing to accept. Nobody is willing to go to google.com and manually enter or have to confirm use of the proper registry nor does relying on some coordinating structure do anything other than recreate the same problems in a different form.

Well DNS is one mechanism but there can be others. I do think that the hierarchy of CA trust needs to be thrown out and it needs to give local control to who you trust and why. that means more responsibility from users but at least you can have some level of control.

Re:Unintended Consequences ?

[Virtucon]

there's nothing prohibiting that now.

Re:Unintended Consequences ?

[nine-times]

That's already happening. DRM, for example, has always been partially for commercial reasons (preventing privacy), and largely for anti-competitive reasons (preventing interoperability and forcing people to repurchase the same content repeatedly).

Encryption is being used for almost every purpose except the good ones. We could use encryption to protect privacy and prevent identity theft, but I guess we can't do that because it might prevent the NSA from snooping on your dick pics.

Journalists being wrong again.

ITbusinessweek is wrong: The linix foundation neither started or initiated this project, it only took over its hosting. The press release of the foundation clearly states this.

Re:Linux only, as usual.

[93+Escort+Wagon]

This is specifically about making it easy to offer an encrypted web site - so "Linux only" will mean it's available for the majority of websites in the world.

Unfortunately there seems to be a huge disconnect between what the Slashdot summary and linked article claims and what the actual Linux Foundation web page states is the goal (making encrypted websites easy to deploy). This is a much less ambitious project than the submitter thinks it is.

Re:cryptobracelet

[stdarg]

The bracelet would work like the NFC chip in current phones

What's the benefit of making it a bracelet rather than a phone app? The phone already has the NFC chip you want.

Then, all email and every other communication can easily be encrypted, securely, and without adding complication.

How do you get the unique identifier from your bracelet to your PC? My PC doesn't have an NFC reader. If it did, again, I'd rather have it tie to my phone than a bracelet. You know what would be cool? A wireless charging pad with the NFC interface, so that you set your phone next to your computer on your desk, and all password requests from the PC are handled by the phone while it's physically there.

Re:In UK you can go to prison for encryption

[Phreakiture]

You need to use a deniable encryption system for this, then. Rubberhose comes immediately to mind, but it is no longer maintained.

Essentially, what it does is enable you to store several file systems in the same disk volume, which will have had its contents randomized in the formatting process. What blocks of the disk are used for each file system is not known until the key is provided. For that matter -- and this is the deniable part -- what file systems even exist is not knowable without having all of the keys.

So, they ask for a key, you give them one. They ask you for "the rest of the keys" you give them a few more, but there is no way to prove, one way or the other, that all of the keys have or have not been provided.

Re:Kind of ironic

[tshawkins]

They dont need to, the packages are signed, they are not trying to keep the contents of the packages secret, or hide thier contents during transfer, they are only trying to ensure that they are distributed unmodified. To perform a MITM attack on the packages pulled down from a repo, you would need the private signing keys To creat new packages.

Looking through most of the .repo files in /etc/yum.repos.d on my fedora install, all the dl links are already https.

I suspect that ubuntu is the same.

Its probaly full of holes, i dont think i have seen a decent, analysis of the package managers from a security standpoint, but they seem to have most of the basics.

I dont know if the private keys are distributed to the packagers, if they are then that could be an issue.

Re:Kind of ironic

[ledow]

Why does it need to be secret?

All you need is an integrity check, and the packages are all signed with the key which is included in the initial distro image (which is itself signed, available over HTTPS and has publicly published checksums).

Encryption is not necessary here. To believe it is is to completely misunderstand the purpose of encryption.

Re:Linux foundation using MS Word?!?

[CronoCloud]

I'm surprised that they are using a Windows desktop for everyday tasks such as document editing.

They're not, check the PDFinfo:

[CronoCloud ~]$ pdfinfo ISRG-CP-Feb-18-2015-DRAFT.pdf
Title: Microsoft Word - ISRG CP_ Draft 2_Clean_Draft_with_Revisions_2015-01-21.docx
Keywords:
Creator: Word
Producer: Mac OS X 10.10.2 Quartz PDFContext

They're using Word on OSX.

Re:cryptobracelet

[fph+il+quozientatore]

What's the benefit of making it a bracelet rather than a phone app? The phone already has the NFC chip you want.

Phones can get hacked. And most people are already storing passwords on their phones. What use is two-factor authentication if a malicious app can steal both factors at the same time?

Re:cryptobracelet

[Thagg]

We'll see.

It's absolutely wrong that I am proposing a 'stealable' ID. No, it's not that at all. Like NFC (ApplePay and others) you don't send out your ID, your bracelet will engage in a two-way conversation that uses generates unique identifiers every time that prove that it's you without giving the system communicating with you the ability to impersonate you. It's not hard at all; we should have been doing this years ago. This is described in Bruce Schneier's Applied Cryptography twenty-fucking-years ago. Chapter 21(Identification Schemes) describes "zero-knowledge proof of identity". Curiously, researchers Feige, Fiat, and Shamir submitted a patent application in 1986 for this, but the Patent Office responded "the disclosure or publication of the subject matter ... would be detrimental to the national security..." The authors were ordered to notify all Americans to whom the research had been disclosed that unauthorized disclosure could lead to two years' imprisonment, a $10,000 fine, or both. Somewhat hilarious, as the work was all done at Weizmann Institute in Israel.

That said, I do think that groups like the NSA and FBI have been quite successful in keeping people (like Jeff4747) remarkably uneducated. Banks, credit card companies, and groups like Google that make gigabucks tracking people have held back from doing things right as well -- and they're paying for it today.

To say again. It is easy to build a system that would securely verify that you have authority to do something, without giving the ability for somebody else to impersonate you. It's somewhat more challenging than printing number in plastic on a credit card, but only a tiny bit more challenging.

This will happen. Once it does people will wonder why it took so long.

Re:Encryption done right isn't simple...

[dcollins117]

I've needed on a number of occasions to recover data from disks I can't boot from.

Then you have inadequate backups. That's a different issue from encryption.