'Let's Encrypt' Project Strives To Make Encryption Simple
jones_supa writes: As part of an effort to make encryption a standard component of every application, the Linux Foundation has launched the Let's Encrypt project (announcement) and stated its intention to provide access to a free certificate management service. Jim Zemlin, executive director for the Linux Foundation, says the goal for the project is nothing less than universal adoption of encryption to disrupt a multi-billion dollar hacker economy. While there may never be such a thing as perfect security, Zemlin says it's just too easy to steal data that is not encrypted. In its current form, encryption is difficult to implement and a lot of cost and overhead is associated with managing encryption keys. Zemlin claims the Let's Encrypt project will reduce the effort it takes to encrypt data in an application down to two simple commands. The project is being hosted by the Linux Foundation, but the actual project is being managed by the Internet Security Research Group. This work is sponsored by Akamai, Cisco, EFF, Mozilla, IdenTrust, and Automattic, which all are Linux Foundation patrons. Visit Let's Encrypt official website to get involved.
Re:Encryption done right isn't simple... (Score:5, Insightful)
Re: (Score:1)
Which is unfortunately utter bullshit and history is there to prove it.
Look at SSL for example. It's simple for the end-user, he/she doesn't need to do anything to use it, still it has failed us many times now.
Good encryption isn't simple, you need to know what you're doing. If you don't know what you're doing, you also don't know if you make mistakes. You can also easily become a target of phishers or other con artists.
Re: (Score:1)
(1) He didn't say it eliminates PEBCAK, he said it will go a long way in reducing (avoiding) problems. If you dispute this, I'd like to know why.
(2) He didn't say encryption was simple. In fact he almost implied that it isn't simple (of course it's not), that's why we need to not expose end users to aspects that require expert-level knowledge.
I feel like bazmail said something akin to, "A bike helps me get to work faster (than walking)" and you're shouting, "A plane won't help you get to work any fast
Re: (Score:1)
Encryption you don't have to think about is probably pretty vulnerable.
I consider myself somewhat crypto savvy (I've read a lot of crypto papers and can do some basic differential and linear cryptanalysis), but I don't encrypt any of my files or e-mails. For me the costs outweigh the benefits.
Re: (Score:2)
I just keep good backups. Encrypted, of course. With the fact that SSDs actually overwrite deleted data when the garbage collector decides to, deleted data tends to be -gone- for good.
Re: (Score:3)
I've needed on a number of occasions to recover data from disks I can't boot from.
Then you have inadequate backups. That's a different issue from encryption.
Re: (Score:2)
Yes it will.
OK, you want to encrypt a file. You find instructions, you follow each step correctly, and you've got an encrypted system.
Now following steps is stuff a computer can do. You need humans to do things a little more creative. So it makes sense that you have a simpler process for this. That does all the non-simple things in a few commands.
Warning!!! (Score:5, Funny)
You have been warned.
Re: Warning!!! (Score:2, Insightful)
This. A thousand times over. You may not like it, I sure as hell don't like it, but we live in the Surveillance Age now and will probably be for the rest of our lives. While it may appear noble and idealistic to want to oppose it, it's also foolish if not downright suicidal. One can't fight the State, especially not when the vast majority of the populace supports it. It's best to choose one's battle and to know when you're beaten. We're beaten. Privacy is dead. It's not coming back. Move on.
Re: (Score:1)
So in other words just roll over and accept it... And which branch of which government do you work for?
You might be beaten, others are not......
Re: Warning!!! (Score:5, Insightful)
Cowards like you have never changed the world. Sad, really. Not that I think I'm going to, or anything, but for fuck's sake man stop being a pussy! If we're so beaten, and privacy's so dead, then what the fuck have we to lose by fighting for what's right?
I'd rather be suicidal and on the right side of history than get to live a meek, shallow little existence cowering in my hole waiting to die, afraid to say the wrong thing or think the wrong ideas. Sure, someone may eventually kill me or persecute me because I believe in freedom and liberty and privacy, but they won't be taking away my dignity. I've done nothing wrong, and I have the right to think and say what I want (as do you). I, for one, will be exercising those rights until I'm six feet under.
Being cowards and letting everyone roll over on us is how we got in this mess in the first place. It's not too late to take ownership of your historical defeatism and try to effect change.
Re: (Score:2, Insightful)
Re: (Score:2)
I'm not sure why I'm responding to you, as it's obvious to me that you're being disingenuous. Doing the "right thing" is obvious to most people. If you have no moral or ethical compass, then I'm sure this one's hard for you.
But anyone who was taught right from wrong knows that wholesale monitoring of the private communications of citizens in a free country is a bad thing. It can only lead to abuses and tyrannical actions by those doing the spying. Opposing something that foments tyranny is being on the
Re: (Score:2)
Hmm, that sounds suspiciously like that old Judeo-Christian tradition to me. Or do you really think that, say, Buddhism holds to exactly the same standards of right/wrong as Christianity? Or Islam? Or Confucianism? Or Taoism?
Hint: right/wrong is pretty much defined by what you were taught as a child as proper behaviour. And different people were taught different things, depending on when/where they were raised....
Re: (Score:2)
No, the "right thing" is what evolution comes up with as the heuristic for what's best for genes in the long run.
And that's why it varies from species to species, and environment to environment.
Re: (Score:2)
The trouble is that the "right thing" on a large enough scale is often only defined retrospectively by those who retain power. How different would the world be if the USSR had won the cold war?
It's easy to say "Communism is bad" when you're just parroting what you've been told for the past 50 years. It's a lot harder to say it objectively because the only communist countries we've really known have had to operate under the yoke of the US anti-communist rampage.
Hell, morally speaking, the greed-based capital
Re: (Score:2)
Re: Warning!!! (Score:4, Interesting)
"on the right side of history" This phrase has always confused me. Unless you are a prophet or time traveler, how do you know you are on the "right side" of history until a significant enough time has passed?
Look at long-term trends.
Two thousand years ago personal freedom was rare and people were the per se property of their Sovereign. Warring was common, dueling was how arguments were settled, and people drowned their extra babies. Human life had fairly little social value and everything was controlled by the whims of the Gods, regardless.
In the more advanced civilizations today, people can do pretty much whatever they want in terms of personal liberty, and there's a bunch of obfuscation to disguise the fact that they're still owned by their Sovereign (because they wouldn't accept it consciously). Cooperation is markedly increased, resulting in the march of technology.
The safe bet is for the trend-lines to continue towards more tolerance, more personal freedom, more blessings of enhanced communications and technology, and a sunset of the nation-state as the pervasive governing mechanism.
There's no guarantee, but the trends are very strong with only slight perturbations, so to bet against it is a fool's errand. To bet on more authoritarianism, more mercantilism, and more central planning while betting against more peace, more tolerance, and more liberty is a great way to be considered a fool, in history books written far enough into the future (there are always short-term gains for such sociopathic behaviors, so don't expect the history books written tomorrow to judge yesterday's tyrant harshly).
Historians in 3015 may judge this post harshly, but I wouldn't bet on it.
Re: (Score:1)
Historians in 3015 may judge this post harshly, but I wouldn't bet on it.
I agree, the odds of historians in 3015 even FINDING this post are slim to none.
Re: (Score:2)
I take "the right side of history" to mean the side that promoted right over wrong, as considered at some later date.
This does assume that right and wrong exist, and that we can tell the difference between them. 100 years ago, there would have been a small minority of people on the right side of history vis-à-vis gay rights, but it would still have been the right side of history.
Re: (Score:2)
Re: (Score:2)
You realize that you just made me google confirmation bias on a Friday night? I'm sorry, don't see your point.
I wasn't saying that I was wise enough to know who is on the right side of history, just that there is a right side on every issue, and what is right doesn't change regardless of how many people agree with it at any given time
Re: (Score:2)
Re: (Score:2)
then what the fuck have we to lose by fighting for what's right?
Comfort and complacency? If you set the value of freedom to zero, there are still other benefits to be enjoyed. Perhaps you've heard of "bread and circuses"? (this isn't a new problem).
I'd rather be suicidal and on the right side of history than get to live a meek, shallow little existence cowering in my hole waiting to die
Realize that you're in a small minority. And in a democracy, the majority gets to enforce their view on you that your f
Re: (Score:1)
Re: Warning!!! (Score:5, Insightful)
Probably true - But I'll still use encryption for my private files and communications. I'll still refrain from screaming what I had for breakfast into the ether. I'll still make up random information when registering for any service that doesn't need real info to perform its core function. I'll still "fuzz" personal details when relevant to discussions on sites such as Slashdot. I'll still bait telemarketers even though they probably know more about me than I do. And, I'll still make Officer Twitchy get a warrant to search my phone, even if it means I get shot in the back trying to peacefully walk away.
Accepting the reality of something doesn't mean you should just give up - We all unavoidably die, why don't we all just commit suicide now and save ourselves the hassle of wasting all that time working and sleeping and exercising-so-we-can-live-longer and such? Sometimes, "accepting" something means "fight harder anyway".
Re: (Score:2)
Amen to this. The proper response to, "If you don't have anything to hide, what are you worried about?" is "I'm worried about what will happen if I don't hide *everything*," followed up with, "Unless you've got a good reason to be looking, mind your own damn business."
I absolutely support the idea behind this project. I support encryption everywhere, for everyone. I don't want to live in a world where the only people who are worried about encryption are drug dealers, child porn collectors, international
Re: (Score:2)
Nicely written.
I must say I agree with everything you wrote ... except the whole "getting shot in the back". My approach would be to remain in the officer's presence, but to essentially remain mute (or indicate a disinclination to answer) -- surely he can't shoot you for not speaking??? -- until / unless I have my own legal representation.
In Australia, I believe (IANAL) that we are legally required to give our name, address and D.O.B to police if apprehended. That's it. Only a judge can compel one to speak;
Re: (Score:2)
One can't fight the State, especially not when the vast majority of the populace supports it.
We're not fighting the State by using encryption. We're protecting our data from unauthorized access. Like good digital citizens.
Re: (Score:3)
Re:Warning!!! (Score:5, Insightful)
Yes, but if everybody has access to simple-to-use encryption, that stigma goes away. When encrypted traffic is the norm rather than the exception, its use is not a red flag. Mass adoption is in itself protection.
Re: (Score:3)
Re: (Score:2)
I am particularly uncomfortable with the presence of Cisco in this party.
Re: (Score:3)
Cisco: hey guys whatcha doin. listening to music huh? Yeah I love me some hippedy-hop music.
Re: (Score:2)
Well I didn't read the details of how they're planning to set this up, but it seems to me that if they have any access to the private keys at all, then they're doing it wrong.
The private keys must be generated and held privately to be secure (I think that might have something to do with the name..)
The public key is the only part that should ever be known by or transmitted to a second party (never mind a third party or a MITM.)
RTEM (Score:5, Funny)
Unintended Consequences ? (Score:2)
I can see that one unintended consequence might be an increase in using encryption to obfuscate applications for commercial / anticompetitive reasons, as well as illegal reasons.
Re: (Score:3)
there's nothing prohibiting that now.
Re:Unintended Consequences ? (Score:4, Insightful)
That's already happening. DRM, for example, has always been partially for commercial reasons (preventing privacy), and largely for anti-competitive reasons (preventing interoperability and forcing people to repurchase the same content repeatedly).
Encryption is being used for almost every purpose except the good ones. We could use encryption to protect privacy and prevent identity theft, but I guess we can't do that because it might prevent the NSA from snooping on your dick pics.
More of the same (Score:3)
Certs don't work, never have. Aggregating so much power and responsibility into the hands of CAs is just as foolish as key escrows run by governments and organized crime. Something will always go wrong there will always be too much incentive locked up in ensuring that it does. The more successful and useful a "simple" solution for everyone becomes the more incentive exists to coopt it.
The answer is not doubling down on these things and "encrypting" just because you can or just because it's easy.
Most systems worth securing already require you to provide a password to login. If you want to improve the status quo and really make a difference then get browser vendors to natively support secure logins via TLS-SRP and relegate free certs to the margins for service discovery and account setup where there is no other practical means of establishing trust.
Re: (Score:3)
I agree with the trust issue on certs however encrypting doesn't mean that I have to use a trust based model if it's for personal uses or for close proximity use, such as within a family or business environment. The issues are much larger in terms of protecting data whether it's stored or in transit across insecure networks. As a start I'd like to see the CA system revamped or replaced with multiple trust authorities, not just one chain and have meaningful teeth to eliminate trust associations with author
Re: (Score:2)
I agree with the trust issue on certs however encrypting doesn't mean that I have to use a trust based model if it's for personal uses or for close proximity use, such as within a family or business environment.
Maybe I don't understand what you're trying to say but there is no point at all in encrypting without trust. If you're saying you would rather use a local CA for internal business or family use this is an excellent idea.
As a start I'd like to see the CA system revamped or replaced with multiple trust authorities, not just one chain and have meaningful teeth to eliminate trust associations with authorities who violate trust which seems to be more rampant and obvious as of late.
This isn't ever going to happen unless trust anchors are deterministically derivable from DNS names implying little to no choice in your selection of a trust anchor.
Names is all that you can use because it is all people are willing to accept. Nobody is willing to go to google.com and manually
Re: (Score:3)
Maybe I don't understand what you're trying to say but there is no point at all in encrypting without trust. If you're saying you would rather use a local CA for internal business or family use this is an excellent idea.
Trust is at an arm's length, so locally administered CAs make sense for these purposes. Trust works when all parties are trustworthy and it breaks down when you trust that deadbeat cousin Lin who still owes you money for that pizza from 5 years ago. At that point you should be able to prune cousin Lin from your XMAS card list. You can't however because then your immediate family won't allow it. Apple not removing the Chinese CA for example.
This isn't ever going to happen unless trust anchors are deterministically derivable from DNS names implying little to no choice in your selection of a trust anchor.
Names is all that you can use because it is all people are willing to accept. Nobody is willing to go to google.com and manually enter or have to confirm use of the proper registry nor does relying on some coordinating structure do anything other than recreate the same problems in a different form.
Well DNS is one mechanism but there can be others. I do think
Re: (Score:2)
Re: (Score:2)
Well, the problem is that grandma could be doing banking in China if a rogue CA issues a certificate that masks fraudulent activities.
Re: (Score:2)
Yep.
Certificate validation is a defense against Man-in-the-Middle attacks. But the "Let's Encrypt" system is vulnerable to a MitM attack between its server and the server that would request the proper certificate.
It can thus be fooled into issuing false certificates by the very people those certificates should defend against.
Re: (Score:3)
Re: (Score:2)
A CA isn't required at all to encrypt, just accept any self-signed certificate. If we want to introduce CAs or other method of identity verification, that may be fine but it is a different problem from encryption.
When real people in the real world hear the word "encrypted" the word they actually hear is "secured" ... encryption without trust is a dangerously nonsensical illusion.
We are seeing bits of this with the various opportunistic encryption extensions to SMTP and HTTP.
What is the point? This does not stop the NSA from using QUANTUM INSERT and there is a very good chance anyone able to eavesdrop on wire has the means to spoof a few packets and coopt TCP sessions... so what does doing this buy you other than confusing people with doublespeak nobody understands?
Re: (Score:2)
TOFU + Perspectives (Score:2)
A self-signed certificate makes two guarantees. First, if the public key you see is the same public key you saw the first time you connected to that host, then a MITM probably hasn't been introduced since your first connection. SSH uses this "key continuity management" (KCM) or "trust on first use" (TOFU) model, as did OS X prior to the introduction of Gatekeeper. Granted, the MITM can harm the first connection to a given host.
But the second guarantee even in the face of day-one MITM is route diversity. The
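The key-continuity (TOFU) check described in the comment above, as an added example that is not part of the original thread: a small pin store that records a host's certificate fingerprint on first contact and reports any later change instead of silently accepting it. The `PinStore` class, the host name and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile
from enum import Enum


class Verdict(Enum):
    FIRST_USE = "first-use"  # nothing pinned yet: the one connection TOFU cannot protect
    MATCH = "match"          # same certificate as before: continuity holds
    MISMATCH = "mismatch"    # certificate changed: key rotation or MITM, a human decides


def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 of the DER-encoded certificate.

    In a real client the bytes would come from
    ssl.SSLSocket.getpeercert(binary_form=True).
    """
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Hypothetical known_hosts-style store mapping "host:port" to a fingerprint."""

    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, "r", encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def _save(self) -> None:
        # Write to a temp file and rename, so a crash cannot leave a truncated pin file.
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)

    def check(self, host: str, port: int, cert_der: bytes) -> Verdict:
        key = f"{host.lower()}:{port}"  # host names are case-insensitive
        seen = fingerprint(cert_der)
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = seen
            self._save()
            return Verdict.FIRST_USE
        if hmac.compare_digest(pinned, seen):
            return Verdict.MATCH
        # Never overwrite the pin here: the caller must refuse the connection
        # or ask the operator, otherwise a MITM simply re-pins itself.
        return Verdict.MISMATCH

    def replace_pin(self, host: str, port: int, cert_der: bytes) -> None:
        """Explicit re-pin after the new key was confirmed out of band."""
        self.pins[f"{host.lower()}:{port}"] = fingerprint(cert_der)
        self._save()


def demo() -> list:
    original = b"constructed-certificate-A"  # constructed stand-ins for DER bytes
    swapped = b"constructed-certificate-B"
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "pins.json")
        results = [PinStore(path).check("Example.test", 443, original)]
        store = PinStore(path)  # reload from disk, as a later session would
        results.append(store.check("example.test", 443, original))
        results.append(store.check("example.test", 443, swapped))
        # The stored pin survives the mismatch, so the original still matches.
        results.append(store.check("example.test", 443, original))
        return [r.value for r in results]


if __name__ == "__main__":
    print(demo())
```
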
Journalists being wrong again. (Score:2, Funny)
ITbusinessweek is wrong: The Linux Foundation neither started nor initiated this project, it only took over its hosting. The press release of the foundation clearly states this.
cryptobracelet (Score:2)
At some point, and my guess is pretty darn soon, reasonable people are going to have a very secure cryptobracelet that they never take off, or if you take it off it will never work again.
The bracelet would work like the NFC chip in current phones, it would create unique identifiers for each transaction, so you can be verified that you are who you are without ever broadcasting your identity.
Then, all email and every other communication can easily be encrypted, securely, and without adding complication. You
Re: (Score:3)
The bracelet would work like the NFC chip in current phones
What's the benefit of making it a bracelet rather than a phone app? The phone already has the NFC chip you want.
Then, all email and every other communication can easily be encrypted, securely, and without adding complication.
How do you get the unique identifier from your bracelet to your PC? My PC doesn't have an NFC reader. If it did, again, I'd rather have it tie to my phone than a bracelet. You know what would be cool? A wireless charging pad with the NFC interface, so that you set your phone next to your computer on your desk, and all password requests from the PC are handled by the phone while it's physically the
Re: (Score:3)
Phones can get hacked. And most people are already storing passwords on their phones. What use is two-factor authentication if a malicious app can steal both factors at the same time?
Re: (Score:2)
Phones can get hacked... so? People are already starting to use phones as payment devices with credit card and banking information stored on the phone (e.g. Google Wallet, Apple Pay). They've long used mobile banking apps where you input your username/password. That ship has sailed... phones contain sensitive information.
Anyway what's to say a bracelet with an NFC chip can't be compromised?
Re: (Score:2)
https://www.google.com/search?... [google.com]
They exist in much better form factor. My watch annoys me enough that I take it off quite often, why would I want a bracelet I can't take off?
Re: (Score:2)
The problem with phones is that you can lose them or break them or have them stolen. I agree that it's a good place to start, though.
I believe that the RFID tag that Coren22 suggests doesn't have, and can't have, the processing power required to do this right. You don't want to say "Yes, I'm 132132123123", that would be *way* too easy to fake. You want to have a back-and-forth communication that shows that you are who you are, without giving away your ID.
I think the bracelet would become a status symbol --
Re: (Score:2)
It gives an idea of what is possible, now to see if someone can put something with a little processing power into a like form factor.
Re: (Score:2)
The problem with phones is that you can lose them or break them or have them stolen. I agree that it's a good place to start, though.
How is that "not a problem" with a bracelet? Perhaps the bracelets are slightly less likely to be lost or stolen. Then again, I've found a lot more lost bracelets in the last 10 years than lost phones... and if they are valuable for identity theft, stealing them might well become a real thing.
Re: (Score:2)
Yeah, that's a terrible idea.
First, it's wireless, so I can "grab" your identity when you walk by. That'll be handy. It's even going to be strapped to a similar body part, so I can know exactly where to "accidentally" bump into you if it requires pushing a button to activate.
Second, you are transmitting the code through the purchase system. That's very handy, because I can just capture the code via your compromised PC.
"Two-factor" authentication systems work because the data does not flow through a singl
Re: (Score:3)
We'll see.
It's absolutely wrong that I am proposing a 'stealable' ID. No, it's not that at all. Like NFC (ApplePay and others) you don't send out your ID, your bracelet will engage in a two-way conversation that generates unique identifiers every time that prove that it's you without giving the system communicating with you the ability to impersonate you. It's not hard at all; we should have been doing this years ago. This is described in Bruce Schneier's Applied Cryptography twenty-fucking-years a
Re: (Score:2)
And I didn't say you were proposing a 'stealable' ID. I said I can read the code remotely. Which lets me charge you $20, just as if you were making a purchase.
See, your proposal failed to include any sort of verification by the bracelet-wearer that they wanted to make the purchase, or even verify the purchase amount.
Even if you do require something like a button press, standard location and equipment means I can push the button on your bracelet by
Re: (Score:2)
Oh, you also neglected to pay attention to how your proposal enables man-in-the-middle attacks. Again, you lack any verification by the user. All the bracelet knows is that they were presented with a valid signature. I'm making a purchase in Wal-Mart, but your plan doesn't actually verify it's Wal-Mart's certificate.
Re: (Score:2)
Last I checked, UK is a democracy, you voted them into power, you chose your fate.
If it were the US, I would say start a letter writing campaign, but I don't know exactly how the UK system works.
Re: (Score:2)
I know this may be ancient history to you, but it really wasn't that long ago.
http://www.ushmm.org/wlc/en/ar... [ushmm.org]
You should always fight expansion of powers as they can be used by bad actors just as easily as good actors.
Re: (Score:3)
You need to use a deniable encryption system for this, then. Rubberhose comes immediately to mind, but it is no longer maintained.
Essentially, what it does is enable you to store several file systems in the same disk volume, which will have had its contents randomized in the formatting process. What blocks of the disk are used for each file system is not known until the key is provided. For that matter -- and this is the deniable part -- what file systems even exist is not knowable without having all of
Only web servers? (Score:2)
Or at least, "software running on web servers"?
Is it merely the case that any server (email, XMPP, murmur, etc.) you want to get a "valid" certificate for has to also have a webserver running on it to use this system, or is it literally only intended for "web servers"?
Re: (Score:1)
I suspect it's for anywhere you want to provide TLS protected connections. SSL on webservers is just the biggest use case, so it's going to get the attention initially, but I don't see any reason why agents can't be built to handle the maintenance and signup protocol on other transports than HTTP. SSL and HTTP are not co-dependent.
It's also going to be a big help in the migration to HTTP 2.0, which mandates SSL. I have a bunch of domains that I would like to move to HTTP 2.0 once it settles down, but I'm not up to
Four lines of code to serve HTTPS (Score:2)
It takes literally four lines of code [piware.de] to bring up HTTPS on a Python 2 server.
So if you plan to use your TLS server only for inner protocols other than HTTP, I imagine someone will probably adapt Let's Encrypt to bring up a temporary HTTPS server when
Linux foundation using MS Word?!? (Score:2)
Re: (Score:3)
I'm surprised that they are using a Windows desktop for everyday tasks such as document editing.
They're not, check the PDFinfo:
[CronoCloud ~]$ pdfinfo ISRG-CP-Feb-18-2015-DRAFT.pdf
Title: Microsoft Word - ISRG CP_ Draft 2_Clean_Draft_with_Revisions_2015-01-21.docx
Keywords:
Creator: Word
Producer: Mac OS X 10.10.2 Quartz PDFContext
They're using Word on OSX.
Re: (Score:2)
Re: (Score:2)
Well, yes, but as was once said to me. The "creatives" who design/create what is essentially a press release like this tend to be running OSX.
Another example is Linux Voice, the crowdfunded magazine. Their PDF's are done with Adobe Indesign on OSX.
Because...:
http://linux.slashdot.org/comm... [slashdot.org]
Re: (Score:2)
Confused (Score:2)
The writer seems to me to be confused between encryption of web traffic and encryption of data in general.
AFAIK, Let's Encrypt is all about making https universal. It has nothing to do with encrypting application data.
Re: (Score:1)
It's OK for us Linux nerds
Seriously, this is all about low barriers of access to SSL certs for webservers, the vast majority of which are either Linux or other ix based. Client systems generally don't need these certs, so they are not relevant. They just need a suitable root CA cert.
Re: (Score:2)
Re:Linux only, as usual. (Score:4, Informative)
This is specifically about making it easy to offer an encrypted web site - so "Linux only" will mean it's available for the majority of websites in the world.
Unfortunately there seems to be a huge disconnect between what the Slashdot summary and linked article claims and what the actual Linux Foundation web page [letsencrypt.org] states is the goal (making encrypted websites easy to deploy). This is a much less ambitious project than the submitter thinks it is.
Re: (Score:2)
Yeah, let me know when OS X runs on server hardware and we can talk about encrypting web sites being hosted on OS X.
Yosemite Server for $19.99 (Score:2)
Yeah, let me know when OS X runs on server hardware
It took me about five seconds to search the web for os x server, which pointed me to Yosemite Server for $19.99 [apple.com]. If you're insinuating that a Mac mini is not "server hardware", I'd be interested in your reasoning.
Other AC has a point about ECC RAM (Score:2)
Anonymous Coward wrote:
OS X is infinitely faster
"Infinitely"? I'll assume that was hyperbole.
stabler
Even in the face of electromagnetic noise flipping bits in your RAM? Unlike Linux, OS X is intended to run exclusively on Mac hardware. And this comment [slashdot.org] insinuates that Macs don't support high-reliability RAM or power supplies.
Re: (Score:1)
Back under your bridge troll........
Re: (Score:2)
They don't need to. The packages are signed; they are not trying to keep the contents of the packages secret, or hide their contents during transfer, they are only trying to ensure that they are distributed unmodified. To perform a MITM attack on the packages pulled down from a repo, you would need the private signing keys to create new packages.
Looking through most of the .repo files in /etc/yum.repos.d on my Fedora install, all the dl links are already https.
I suspect that Ubuntu is the same.
It's probably fu
Re: (Score:3)
Why does it need to be secret?
All you need is an integrity check, and the packages are all signed with the key which is included in the initial distro image (which is itself signed, available over HTTPS and has publicly published checksums).
Encryption is not necessary here. To believe it is is to completely misunderstand the purpose of encryption.