Symantec has started a program called Encryption Everywhere that will offer basic SSL/TLS Certificates to domain owners for, you guessed it, free.
Symantec wants to make the web a little more encrypted. With this goal, they will be offering free certificates to domain owners through the web hosting companies that join the new program that they have started.
The company already have some signed partnerships with more than ten currently web hosting providers currently. They include InterNetX, CertCenter, Hostpoint and Zoned. They are also close to finalizing deals with then more soon. The customers of those companies will be recieving a basic website encryption package that will include a standard SSL/TLS certificate valid for one year.
Depending on the needs and requirements of the customers, they will be able to also opt for a paid premium packages that include extended validation (EV) or wildcard certificates that are valid for multiple websites or different subdomains.
According to Symantec, which is one of the biggest certificate providers and has acquired to Verisign in 2010, only around three percent of all internet websites are currently using SSL/TLS encryption.
From the business side of the world, Symantec is adopting the freemium pricing model. This is where a product with basic functionality is offered for free on the premise, then a percentage of users will later decide to pay for the more advanced plan and features that is offered.
Roxane Divol, General Manager of the Website Security Division at Symantec said:
The need for privacy for legitimate individuals and companies is growing and it’s that need that we are responding too. This in turn generates a need for good governance and a swift mechanism for when certificates need to be revoked, and that is also something that we pay a lot of attention to.
In the recent years, security and privacy experts have extremely called for widespread encryption of internet communications following the leaks by Edward Snowden.
Bruce Schneier, Cryptography and Security Expert, believes that overall encryption will make eavesdropping more expensive and could force the intelligence agencies to hopefully give up on wholesale collection. This could also cause them to start to target people over what they are currently doing.
Symantec isn’t the first Certificate Authority to offer free certificates. This is an attempt to help encourage website owners to encrypt the user traffic. The Let’s Encrypt project, ran by the ISRG (Internet Security Research Group) and backed by Mozilla, Cisco, Akamai, Facebook and others, has issued over a million free certificates in the first three months of their launch.
According to Roxane Divol, Symantec is working on the Encryption Everywhere for a long time now. Yet they are trying to focus on seamless integration with the management platforms that are used by the hosting platforms.
There is one major difference between Let’s Encrypt and the direction that Symantec is taking when it comes to providing the certificates. Let’s Encrypt requires their users to have some knowledge regarding the deployment and management of certificates. Symantec’s approach is to have almost complete integration with the web hosting panels to make it easier for people without such skills or knowledge. Therefore the two projects are slightly different audiences.
The issue with making it easy for website owners to deploy encryption is that it also will lower the bar for hackers and criminals. When you think about it, buying an SSL/TLS certificate to encrypt malicious traffic didn’t make much since for criminals or hackers. This would be because they switched domain names so fast to evade detection by the security companies. Now the certificates could be acquired for free and in an more automated manner. This will lead to us having to deal with more malicious traffic being encrypted.