EFF Applauds ‘Massive Change’ to HTTPS

“The movement to encrypt the web reached milestone after milestone in 2017,” writes the EFF, adding that “the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol.”
In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let’s Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let’s Encrypt’s total issuance volume has exceeded 177 million certificates…

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users “Not secure” warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a “Not secure” warning for all HTTP pages… The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically…
The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year… [And] there’s plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.

Share on Google+

of this story at Slashdot.


Posted in Uncategorized