Send in your ideas. Deadline October 1, 2024
More info available :
Theme fund: Internet Hardening Fund
Start: 2020-12
End: 2022-12

Certbot ECDSA support

Certbot, part of EFF’s larger effort to encrypt the entire Internet, is a free, open source software tool used to encrypt traffic to tens of millions of websites. By automatically generating and configuring Let’s Encrypt certificates on webservers to enable HTTPS, Certbot improves the privacy and security of hundreds of millions of users worldwide. The project strives to provide the highest standard of security, which is why we are keen to implement Elliptic Curve Digital Signature Algorithm (ECDSA) support. ECDSA support in Certbot will improve privacy, performance, and trust for Internet users via improved authentication and security.

Why does this actually matter to end users?

Modern encryption is essential to our technology stack, and delivers the final stronghold of security and privacy. The underlying mathematical principles ultimately stand between users and pretty much every online threat. But encryption is not some remote magic that emerges out of thin air: reliable encryption at the scale of the internet is only possible with a large infrastructure to sign digital certificates that can be used to anchor trust.

As the default client of the worlds largest certificate authoritity (Let's Encrypt), Certbot is one of the most used security tools in use today. It is responsible for the security of many many millions internet applications that depend on Let's Encrypt's free service to create certificates with their domain names. Certificates which can then be directly deployed for adding transport layer security to for instance the website of your hospital, the email server from a school, or an instant messaging service you use to communicate with friends and family.

Cryptography is continually evolving, and every day new insights emerge while at the same time new methods emerge which break older cryptography. Upgrading the default encryption algorithm used from (legacy) RSA to the more modern ECDSA is a sane (and highly anticipated) intermediate step, due to the significantly increased robustness against brute force attack by conventional computers.

Run by Electronic Frontier Foundation (EFF)

Logo NLnet: abstract logo of four people seen from above Logo Netherlands Ministry of Economic Affairs and Climate Policy

This project was funded through the Internet Hardening Fund, a fund established by NLnet with financial support from the Netherlands Ministry of Economic Affairs and Climate Policy.