« SSL Labs launches | Main | HTTP client fingerprinting using SSL handshake analysis »

June 16, 2009

Security researchers ask Google to enable SSL encryption by default

A group of 38 researchers and privacy advocates sent a letter to Google asking it to enable SSL encryption by default in all its applications. Google has had the always-use-SSL option for a while but, since the feature is disabled by default, only a small number of users is taking advantage of it. Google's response was somewhere along the lines of "we'll give the users security... eventually... if we must".

Although the performance overhead of SSL is negligible for most web sites, the price of security is likely to be significant in Google's case, considering the size of its user base.

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54fd889f28834011570253cef970c

Listed below are links to weblogs that reference Security researchers ask Google to enable SSL encryption by default:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

So why did you sign the letter? Are you planning to help subsidize the cost?

Also, why wasn't a letter sent to the web mail providers who are doing less? I don't understand.

Joe,

I didn't sign the letter. You should ask those who did.

Sorry, I thought I saw your name on it. My mistake.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

MY WORK

ModSecurity Handbook is the guide to the world's most popular web application firewall.
SSL Labs offers a comprehensive SSL security assessment consisting of 250+ checks. To start, enter your domain name below (it's free):

ABOUT ME

Ivan Ristić is an open source advocate, entrepreneur, writer, programmer and web security specialist. He is the principal author of ModSecurity, the open source web application firewall, and the author of Apache Security, a concise yet comprehensive web security guide for the Apache web server.   [LinkedIn Profile]

My Photo

TWITTER

@ivanristic

    FEEDS