09 February 2018

From July, Google Chrome will name and shame "insecure" HTTP websites. Oh dear: read in conjunction with yesterday's post...


Three years ago, Google's search engine began favoring in its results websites that use encrypted HTTPS connections.

Sites that secure their content get a boost over websites that used plain-old boring insecure HTTP. In a "carrot and stick" model, that's the carrot: rewarding security with greater search visibility.

Later this year comes the stick. This summer, Google will mark non-HTTPS websites as insecure in its Chrome browser, fulfilling a plan rolled out in September 2016.

Starting with Chrome 68, due to hit the stable distribution channel on July 2018, visiting a website using an HTTP connection will prompt the message "Not secure" in the browser's omnibox – the display and input field that accepts both URLs and search queries.

Well that's just great: Google will stop trusting Symantec-issued SSL/TLS certs from this year. One option would be to drop the certificate - going from HTTPS back to good old HTTP. Unfortunately this will now flag that website as insecure! Good job Google - you can go off people, you know...


No comments:

Post a Comment