"Article Summary" Chrome's security team is working on a plan to explicitly notify users that HTTP connections are very insecure. Many netizens believe that the browser will not report an error is safe, but Google Security team pointed out that "the Web browser is the only non-warning situation, it is not safe, is the use of the HTTP transport protocol." ”
Chrome's security team is working on a plan to explicitly notify users that HTTP connections are very insecure, or that Google will mark HTTP as unsafe in 2015, and that unsafe warnings might resemble the current HTTPS insecure error ID.
Many netizens believe that the browser will not report the error is safe, but Google Security team pointed out that "the Web browser is the only non-warning situation, it is not safe, is the use of HTTP plaintext transmission protocol." "While the current browser has a corresponding warning about the unsafe factors for HTTPS encrypted connections, there is no hint for a completely unsecured HTTP plaintext connection!" This is very unreasonable. "Google's decision is a big step in the right direction," said Ivan Ristic, author of the SSL labs, a well-known SSL checkup tool. ”
Google implies that the connection Transport Layer Security is divided into three states: security (with a valid HTTPS certificate), suspicious (valid HTTPS with an unsafe factor or TLS error), unsafe (invalid HTTPS or HTTP plaintext connection).
Google encourages suppliers to adopt a phased approach to these changes. "We all need secure, private, and tamper-proof data communications, and when data transmission is not secure, we should explicitly prompt the user to make informed decisions." The Google security team wrote.
PostScript language
Internet giants are emphasizing the importance of HTTPS and are constantly supporting the ubiquitous use of HTTPS in their products. CA institutions at home and abroad, but also in order to make a contribution to the popularization of HTTPS applications, the domestic wosign wosign provides free SSL certificate, global Trust and support all browsers and mainstream mobile devices, has helped tens of thousands of of the site 0 of the cost of HTTPS encryption protection.
2015 HTTP will be flagged as unsafe by Google