I'm on a bit of a vacation (as much as my work allows) but I wanted to take a minute to post about a meeting I had with Symantec. I apologize in advance but my thoughts seem more brief in my head.
A bit of background, I made a post pondering "Norton is scamming me?" (you probably didn't see it but that's okay). Since "sorting out" that issue I have been in conversation with Symantec and they have been busy purchasing BlueCoat and LifeLock. The internet is moving to SSL as default and Symantec seems to be making a push to be a leader in authentication.
Coming in 2017 Google Chrome is starting to broadcast a "Not Secure" with triangle alert with Firefo.... As the article explains the change is just a stopgap and they are moving to more aggressive unsecured messages later in 2017. The "I'm going to make all of my login and checkout pages secure" thought is gone! Now all website pages will need to be secured with a SSL certificate or you can expect a unsecured notice. The Google Chrome error is browser based so that means that even internal web pages would error if they don't have a SSL. Many of us have already gone to SSL by default for websites we design or interact with but "SSL everything" is new?
There is probably enough discussion about EV, OV, DV and let's just agree that any certificate is better than no certificate? I remember how crazy the Y2K thing was and by crazy I mean profitable. This seemingly isn't being talked about as much but make no mistake about it this is a huge change. I hope that you guys are prepared? Is anyone else thinking about this?
roy darling *my posts seem a lot shorter in my head
Great topic for discussion, @rd! I was recently reading about how WordPress is also pushing for all hosts offering SSL in 2017. Since WordPress makes up a huge amount of the websites on the web, that will definitely have an effect. It will be interesting to see where this takes the world of hosting and encryption.
Great Post! While I believe in the SSL everything concept, it has not been widely practiced. The new changes to more secure encryption is not fully implemented either. Both Chrome and Firefox show error or insecure messages on many websites, including those that simply include affiliate ads with http links rather than https. A couple of marketing companies are now modifying all adverts to prevent these widespread errors alerting visitors to "insecure scripts" and mixed content.
The one feature I find most confounding is that email has been rather neglected in terms of encryption. Sure, I can use GPG or something, but major "free" email providers don't even support the transmission of encrypted passwords. Same with many CMS used for rapid web design, so of course, you want to add as much encryption as possible to protect just the basic info you have like passwords.