Bruce Schneier has an interesting post about a new free and open Certificate Authority, called Let's Encrypt. Let's Encrypt is designed to let any web server administrator obtain a server certificate that is recognized by the major browsers at no charge and even more important automatically. Part of the Let's Encrypt model is automating the steps that can prove to the CA that the certificate request is coming from an entity that controls both the server and the domain.
That's huge. Two of the big pains about server certificates is that a) they are expensive and b) obtaining, installing, and renewing them can contain a lot of manual steps. Reducing that friction is a great thing. It would be great if every secure web server had a certificate that was recognized by web browsers and renewed before it expired. This would make certificate-related popup messages so rare that maybe we could convince users to read them and not automatically just say yes.
Let's Encrypt has some high level juice behind it. The current sponsors are Mozilla, Akamai, Cisco, EFF, and IdenTrust. It will be interesting to see what the other big tech companies (some of whom sell certificates) do.
The service is slated to go live in the summer of 2015.
There are threads in SlashDot and HackerNews, but bring your paranoia filters with you when you read them (and the comments on Schneier's blog.)