Six Reasons http Will Become a Thing of the Past
•Télécharger en tant que PPTX, PDF•
0 j'aime•806 vues
The web is moving from http to https. Find out why: https://casecurity.org/2016/11/21/the-web-is-moving-from-http-to-https/
Recommandé
Contenu connexe
En vedette
En vedette (12)
Similaire à Six Reasons http Will Become a Thing of the Past
Similaire à Six Reasons http Will Become a Thing of the Past (20)
Plus de CASCouncil
Plus de CASCouncil (20)
Dernier
Dernier (20)
Six Reasons http Will Become a Thing of the Past
- 1. REASONS HTTP WILL BECOME A THING OF THE PAST 6
- 2. Reason #1: Browsers Will Warn Users of Non-HTTPS Connections Chrome plans to warn users when pages are insecure (non-https), and will warn if an insecure page asks for a password or credit card with words “Not Secure” Firefox plans a similar warning for sites requiring passwords and credit cards Both will transition to a more noticeable red triangle
- 3. Firefox Warnings When passwords are requested over http: https://blog.Mozilla.org/tanvi/2016/01/28/no -more-passwords-over-http-please/ http-password.badssl.com DevEdition 46+ http-password.badssl.com DevEdition 45
- 4. Chrome to Present Similar Warnings https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html Treatment of HTTP pages with password or credit card form fields: Current (Chrome 53) login.example.com Jan. 2017 (Chrome 56) login.example.comNot secure
- 5. Reason #2: Powerful Features Only on HTTPS Encrypted Media Extension (DRM) See: https://www.chromium.org/Home/chromium- security/deprecating-powerful-features-on-insecure-origins Geolocation (Chrome 50) Device Motion/Orientation Fullscreen getUserMedia (Camera/Mic)
- 6. Reason #3: HTTP2 Over HTTPS Only Chrome, Firefox, IE, Edge, Safari, Opera test comparison 0 20 40 60 HTTP/2 HTTP/1.1 Latency (in milliseconds) 0 5 10 15 20 HTTP/2 HTTP/1.1 LoadTime (in seconds) See: https://http2.akamai.com/demo
- 7. Reason #4: Improved Referrer Data Use HTTPS for your own site and improve your referrer data! HTTP Website Operator: Source (HTTPS):
- 8. Reason #5: GMAIL Showing Encryption Indicators SMTP TLS Connection GUI in gmail Use publicly trusted certs for mail servers NO ENCRYPTION WITH ENCRYPTION CERTIFICATE of mail servers don’t have a publicly trusted SSL cert yet, according to Netcraft 82%
- 9. Reason #6: HTTPS is Coming to a Domain Near You 56%Use https 46%Participate in the digital analytics program ALL .gov OUT OF 1166 DOMAINS! As of 10/17/16
- 10. What Do These Mean? SymbolsThat Are Consistent, Universal, Global, No Learning Curve!
- 11. Consistency Matters Copyright © 2014 Symantec Corporation
- 12. CASC Predictions Certificate usage will continue to grow6.5 to 7.5M in 12 months Fueled by https initiatives (search ranks, powerful features, negative browser UI) SNI servers will show increased growth SHA-1 usage will decline dramatically (and so will XP!) Phishing using DV certs will continue to increase Chrome will be on the bleeding edge of changes and enforcements IPv6 will finally be adopted for CRL and OCSP lookups
- 13. Q&A
Notes de l'éditeur
- The SSL protocol is stronger now than ever, because of the number of researchers assessing it and the improvements that have been made. What’s important is that we’re evolving, and we have a better unity than ever before in focusing on efforts that will earn the trust we seek from our customers and all users and improve internet security.
- Increased threats towards CAs from sophisticated hacker networks, global cybercriminal organizations and state-sponsored espionage. Pressure for global and increasingly tough standards - CA/B Forum, Network Security Guidelines. Great need for research and education to help people better understand how to use SSL to its maximum benefit. There needs to be a leader and it can’t be just one CA, it must be a unified group.
- The CASC’s mission is to advance internet security by promoting deployments and enhancements to publicly trusted certificates and through public education, collaboration, and advocacy. Promotion of best practices that advance trusted SSL deployment and CA operations as well as the security of the internet in general. The CASC strives for the adoption of digital certificate best practices and the proper issuance and use of digital certificates by CAs, browsers, and other interested parties. While not a standards-setting organization, the CASC works collaboratively to improve understanding of critical policies and their potential impact on the internet infrastructure.
- What’s important is for people to realize that we as CAs can do more to improve SSL security, but not alone. Browsers, software vendors, web server administrators, even end users can contribute by getting educated about the key factors and working together to value security. The CASC works actively with browsers, relying parties and other stakeholders to enhance internet security through practical, thoughtful measures and collaborative research. In addition, the CASC supports the efforts of the CA/Browser Forum and other standards-setting bodies in their important work, and will continue to help develop reasonable and practical enhancements that improve trusted Secure Sockets Layer (SSL) and Certificate Authority (CA) operations.
- Coinciding with its launch, the CASC is announcing the first of a planned series of educational and advocacy efforts related to best practices in SSL deployment with a focus on the importance of online certificate status checking and revocation. Specifically, the CASC will highlight the benefits of OCSP stapling for web server administrators, software vendors, browser makers, and end-users through blog posts, conference presentations and other resources.