Google Takes Another Step Forward in Cleaning Up The Security of the Internet
Good for Google, after 40 years of inaction by the IT industry, they decided to mark sites without the correct digital certificate on HTTPs as a security risk. Why? Because we need to dump HTTP. Not just because it can be sniffied — which is bad in itself, but because that sites should identify themselves properly. A site without a certificate should be aged out of the Internet, forever. It is unbelieveable that some companies still say .. “Our site is okay without a certificate, as we flip to HTTPs when there’s a payment” … and miss the point there is almost not trust involved in a site without the certificate.
And so Google Chrome — which has over 70% of the browser market (Figure 1), and which is rising all the time— has the clout to move the industry, and so we have seen a massive ramp up in the correct usage of certificates. Those who have incorrect certificate details are marked as a security risk.
All that is required now, is to download the Let’s Encrypt application, run it on the trusted server, and you have a new key pair, and a trusted certificate — no payments required. So after years of paying for a…