PUBLIC MARKS with tag https

Google recently announced a security policy change that will impact future versions of the Chrome browser. Chrome is already warning that support to powerful features on insecure origins (HTTP) is deprecated, and according to recent announcements the removal will take place soon.

After we published this post Google announced that they are pushing back the release date of the HTTPS security change. They’re estimating that it will now be released to production in December 2015.

As with gradually marking HTTP as non-secure, we expect to gradually migrate these features to secure-only, based on thresholds of usage, starting with lowest usage and moving towards higher. We also expect to gradually indicate in the UX that the features are deprecated for non-secure origins.

Our study finds that the current real-world deployment of Diffie-Hellman is less secure than previously believed. This page explains how to properly deploy Diffie-Hellman on your server.

Comme vous le savez, Google pousse tout le monde à passer son site en HTTPS. La dernière trouvaille est que Chrome affiche un avertissement pour les sites en HTTP, indiquant qu'ils ne sont pas sécurisés...

a new Certificate Authority: It’s free, automated, and open. Arriving Mid-2015 Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting a certificate can be. Let’s Encrypt automates away all this pain and lets site operators turn on HTTPS with a shell command. When Let’s Encrypt launches in Summer 2015, enabling HTTPS for your site will be as easy as installing a small piece of certificate management software on the server: