Google Alpha version of Chrome marks http as non-secure

[enlytend]

As previously hinted at, Chrome "Canary" (alpha release) has a flag which can mark non https pages as "non secure".

Note that this is on a page which has no content which traditionally needs to be "secured" (logins, checkout pages, signups, etc.)

Story at seoroundtable

 

[vivaldi]

Why is this so important to Google? Of all the websites around the world there most be very few of them who actually are in need of SSL. Do Google sell SSL certificates or what?

 

[Kate]

Even https is not so secure, if it's still using SSL instead of TLS (re Poodle bug).

 

[enlytend]

Why is this so important to Google? Of all the websites around the world there most be very few of them who actually are in need of SSL. Do Google sell SSL certificates or what?

Short version: Privacy, prevent tampering and data eavesdropping ...

Here's the long explanation:
http://www.chromium.org/Home/chromium-security/marking-http-as-non-secure

Hopefully prices will come down or more free options will become available. You can get a free class 1 certificate from StartCom - it has some limitations though.

 

[vivaldi]

Short version: Privacy, prevent tampering and data eavesdropping ...

Here's the long explanation:
http://www.chromium.org/Home/chromium-security/marking-http-as-non-secure

Hopefully prices will come down or more free options will become available. You can get a free class 1 certificate from StartCom - it has some limitations though.

They want privacy, that's what I call contradiction.

That free version, I reckon they wanted money to upgrade from the last bug or something similar. I might be wrong.

 

[Kate]

By the way, a new browser is out. A possible successor to Opera.
Code name: Vivaldi.
Available at vivaldi.com of course

 

[vivaldi]

By the way, a new browser is out. A possible successor to Opera.
Code name: Vivaldi.
Available at vivaldi.com of course

And that's what I call a coincidence

 

[enlytend]

That free version, I reckon they wanted money to upgrade from the last bug or something similar. I might be wrong.

The free Startcom cert is perfectly legit. Limitations are that it only verifies the holder's domain and email address (so shouldn't be used for ecommerce transactions - class 2 uses stronger verification). It also can't be used with wildcards or multiple domains on the same cert and can't have an organization as the owner (has to be an individual.) I believe they charge a fee to revoke.