Tipping the Scales on HTTPS: 2017 in Review


Post by MrFredPFL » Mon Jan 01, 2018 11:08 pm

Story :

The movement to encrypt the web reached milestone after milestone in 2017. The web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol. All web servers use one of these two protocols to get web pages from the server to your browser. HTTP has serious problems that make it vulnerable to eavesdropping and content hijacking. By adding Transport Layer Security (or TLS, a prior version of which was known as Secure Sockets Layer or SSL) HTTPS fixes most of these problems. That’s why EFF, and many like-minded supporters, have been pushing for web sites to adopt HTTPS by default.

At the beginning of the year, Let’s Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let’s Encrypt’s total issuance volume has exceeded 177 million certificates. Certificate Authorities (CAs) like Let’s Encrypt issue signed, digital certificates to website owners that help web users and their browsers independently verify the association between a particular HTTPS site and a cryptographic key. Let's Encrypt stands out because it offers these certificates for free. And, with EFF’s Certbot, they are easier than ever for web masters and website administrators to get.

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users “Not secure” warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a “Not secure” warning for all HTTP pages.

One of the biggest CAs, Symantec, was threatened with removal of trust by Firefox and Chrome. Symantec had long been held up as an example of a CA that was “too big to fail.” Removing trust directly would break thousands of important websites overnight. However, browsers found many problems with Symantec’s issuance practices, and the browsers collectively decided to make the leap, using a staged distrust mechanism that would minimize impact to websites and people using the Internet. Symantec subsequently sold their CA business to fellow CA DigiCert for nearly a billion dollars, with the expectation that DigiCert’s infrastructure and processes will issue certificates with fewer problems. Smaller CAs WoSign and StartCom were removed from trust by Chrome and Firefox last year.
