Security/Automation/Winter Of Security 2015/Certificate Automation tooling for Lets Encrypt

From MozillaWiki
Revision as of 02:02, 25 September 2015 by Jcjones (talk | contribs) (Initial version)

Team

Introduction

<to be filled in by the team>

Members

Project

Description

Let's Encrypt is a certificate authority that aims to streamline the issuance and management of X.509 certificates, the authentication mechanism behind Transport Layer Security (TLS). Today, Let's Encrypt provides a tool that manipulates server configuration files to enable TLS. This project is to write a module or patch for a popular web server so that it natively speaks the ACME protocol for certificate management. For example, the team could produce an Apache module (mod_acme) that handles certificate issuance and renewal automatically, with the eventual goal of being included in Apache distributions by default.

Scope

DRAFT The scope of this project is to demonstrate the utility of implementing ACME integrated within a common web server software package.

Success Criteria

DRAFT This project is successful if it can show a substantial improvement in usability, scalability, and/or reliability by making the chosen web server software package "ACME-aware". Metrics for these success criteria could be derived by comparing the time it takes for an administrator to renew domains against the official Let's Encrypt client, and/or against certificate management from a different Certificate Authority. Alternative metrics can also be proposed that similarly show, quantitatively, an improvement in some aspect of certificate management versus the official Let's Encrypt client.

The ultimate goal of all Let's Encrypt efforts is to take the work out of getting HTTPS, and thus that is this project's ultimate goal as well.


Updates

Week Ending 2015-09-25

<to be filled in by the team>