Summary Bullets:

• Users don’t have a way for readily knowing when a site should be protected using SSL/TLS or not, and Google engineers are proposing yet another indicator.
• A better use of their time would be in working with existing standards efforts – or starting a new one – that let site owners indicate when a site should be protected.

Google is using its size in the web arena to affect changes in how users view the relative “security” of websites. I put security in scare quotes because that word has a dubious meaning at best and more likely doesn’t mean what the company intends. The short story is that Google wants a way to indicate to end users that a page which is not properly protected using TLS – the current, improved version of SSL – is not secure. Continue reading “Marking HTTP Sites as Insecure: The Emperor’s New Clothes Indeed!” →