
How Let's Encrypt made the internet safer and HTTPS standard - and free


In 1996, I registered my first website, Vaughan-Nichols & Associates. After setting up the site, one of the first things I did was to secure connections with a Secure Sockets Layer (SSL) certificate. The then-new security network protocol provided an encrypted connection and a digital certificate that authenticates a website's identity.

SSL was then, and is now, the minimum security a safe website should provide to its users. The protocol was also a major pain to set up and expensive to boot. It was to address those issues that Let's Encrypt was born.


While everyone recognized that HTTPS was vital to secure users' web connections and essential for e-commerce sites, almost no one was using it back then. According to internet security expert Scott Helme, only 6.71% of the million most popular websites were using the security protocol. That was pathetic.

Worse still, evidence was mounting that insecure web connections would lead to security breaches. What a surprise, right? Unfortunately, no one wants to pay for security until they trip and fall into a security hole. For many users, that day came in 2010 when Firesheep demonstrated how easy it was to snoop on anyone's Wi-Fi connection. It was clear then that the only way to have reliable security is for every website to be encrypted.


The problem was how to make the process easy, simple to install, and cheap so that people would finally adopt HTTPS. Then, as now, there are three significant types of SSL (now known as Transport Layer Security (TLS)) certificates.

These types are Domain Validation (DV) certificates, for basic single-domain certificates; Organization Validation (OV) certificates, which verify both that the applicant owns the domain and that they represent a legitimate business or entity; and Extended Validation (EV) certificates, which are designed to provide users with the most rigorous verification of a website's identity and are intended for organizations that need to establish maximum trust, such as banks, financial institutions, and e-commerce platforms. In 2015, EV certificates could cost as much as $1,500 a year, and even a DV would run you as much as $50 annually.

To address both the cost and technical issues, the idea for Let's Encrypt took root in 2012 among technologists at Mozilla, the Electronic Frontier Foundation (EFF), and the University of Michigan. They recognized that the barriers to HTTPS (cost, complexity, and manual processes) were preventing widespread adoption. They wanted a web where every site could be encrypted, by default, at no cost.
