Apr 9, 2015 · 2 minutes

Internet Security Research Group has partnered with the Linux Foundation so it can continue work on Let's Encrypt, a free and automated certificate authority meant to make it easier for virtually any person or organization to encrypt connections to their websites.

The partnership will see the Linux Foundation shouldering all the organizational duties (payroll, accounting, and the like) associated with Let's Encrypt, while ISRG focuses all its efforts on working towards the certificate authority's mid-2015 debut.

Let's Encrypt was started because ISRG executive director Josh Aas believes more websites should be encrypted by default. The biggest obstacle in realizing that goal? All of the frustrations caused by working with traditional certificate authorities.

Here's how Aas described the traditional certificate issuing process in an interview with Pando:

If you want a certificate today you’re going to have to figure out that you need a certificate, you’ll have to figure out who you need to get a certificate from, you need to find out what kind of certificate you want, then you’ll have to go through an application process which is probably going to be fairly difficult to navigate.

If you make it through this certificate application process you’re usually going to have to pay something, go through a billing stage, then once you get a certificate you’re going to have to install it. Then once you’re up and running you’re going to have to figure out when a certificate needs to renew, and then when it’s up for renewal, you have to go through this process again. That's more steps than most people want to deal with. Let's Encrypt is supposed to take all the pain out of receiving those certificates with an automated system that tests a Web server, verifies its credentials, and then configures the certificate itself.

The hope is that by making it free and easy to receive a certificate, people will be more motivated to enable encryption on their websites. This would afford site operators more safety and control over how all the sensitive data they share every day is handled.

"It’s really hard for people to be aware of when they’re transmitting something sensitive and when they’re not," Aas says. "If you want people to be in control of all their data, you really have to encrypt by default at this point." Enter Let's Encrypt.

Let's Encrypt is expected to debut some time in the middle of this year. (Aas couldn't be more specific about the service's launch.) ISRG's partnership with the Linux Foundation should allow it to stick to that timeline while making sure it doesn't fall behind on all the financial and organizational drudgeries it also needs to address. And because "safe" and "free" are basically requirements to convince individuals and businesses to do anything, Let's Encrypt stands a good chance of making the web a safer place.