« SSL Labs launches | Main | HTTP client fingerprinting using SSL handshake analysis »

June 16, 2009

Security researchers ask Google to enable SSL encryption by default

A group of 38 researchers and privacy advocates sent a letter to Google asking it to enable SSL encryption by default in all its applications. Google has had the always-use-SSL option for a while but, since the feature is disabled by default, only a small number of users is taking advantage of it. Google's response was somewhere along the lines of "we'll give the users security... eventually... if we must".

Although the performance overhead of SSL is negligible for most web sites, the price of security is likely to be significant in Google's case, considering the size of its user base.

Posted by Ivan Ristić at 18:15:27 in SSL

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54fd889f28834011570253cef970c

Listed below are links to weblogs that reference Security researchers ask Google to enable SSL encryption by default:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

So why did you sign the letter? Are you planning to help subsidize the cost?

Also, why wasn't a letter sent to the web mail providers who are doing less? I don't understand.

Posted by: joe | June 18, 2009 at 06:55 AM

Joe,

I didn't sign the letter. You should ask those who did.

Posted by: Ivan Ristić | June 18, 2009 at 09:35 AM

Sorry, I thought I saw your name on it. My mistake.

Posted by: Joe | June 22, 2009 at 04:23 PM

The comments to this entry are closed.

MY WORK

IronBee is the next generation web application firewall engine, and it's open source too.
ModSecurity Handbok cover
ModSecurity Handbook is the definitive guide to the world's most popular web application firewall.
Apache Security cover
Apache Security is the complete guide to securing your Apache web server.
SSL Labs offers a comprehensive SSL security assessment consisting of 250+ checks. To start, enter your domain name below:

ABOUT ME

Ivan Ristić is an open source advocate, entrepreneur, writer, programmer and web security specialist. He is the principal author of ModSecurity, the open source web application firewall, and the author of Apache Security, a concise yet comprehensive web security guide for the Apache web server.   [LinkedIn Profile]

My Photo

TWITTER

@ivanristic

    Categories

    Archives

    FEEDS