Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Six Reasons http Will Become a Thing of the Past

639 views

Published on

The web is moving from http to https. Find out why:

https://casecurity.org/2016/11/21/the-web-is-moving-from-http-to-https/

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Six Reasons http Will Become a Thing of the Past

  1. 1. REASONS HTTP WILL BECOME A THING OF THE PAST 6
  2. 2. Reason #1: Browsers Will Warn Users of Non-HTTPS Connections Chrome plans to warn users when pages are insecure (non-https), and will warn if an insecure page asks for a password or credit card with words “Not Secure” Firefox plans a similar warning for sites requiring passwords and credit cards Both will transition to a more noticeable red triangle
  3. 3. Firefox Warnings When passwords are requested over http: https://blog.Mozilla.org/tanvi/2016/01/28/no -more-passwords-over-http-please/ http-password.badssl.com DevEdition 46+ http-password.badssl.com DevEdition 45
  4. 4. Chrome to Present Similar Warnings https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html Treatment of HTTP pages with password or credit card form fields: Current (Chrome 53) login.example.com Jan. 2017 (Chrome 56) login.example.comNot secure
  5. 5. Reason #2: Powerful Features Only on HTTPS Encrypted Media Extension (DRM) See: https://www.chromium.org/Home/chromium- security/deprecating-powerful-features-on-insecure-origins Geolocation (Chrome 50) Device Motion/Orientation Fullscreen getUserMedia (Camera/Mic)
  6. 6. Reason #3: HTTP2 Over HTTPS Only Chrome, Firefox, IE, Edge, Safari, Opera test comparison 0 20 40 60 HTTP/2 HTTP/1.1 Latency (in milliseconds) 0 5 10 15 20 HTTP/2 HTTP/1.1 LoadTime (in seconds) See: https://http2.akamai.com/demo
  7. 7. Reason #4: Improved Referrer Data Use HTTPS for your own site and improve your referrer data! HTTP Website Operator: Source (HTTPS):
  8. 8. Reason #5: GMAIL Showing Encryption Indicators SMTP TLS Connection GUI in gmail Use publicly trusted certs for mail servers NO ENCRYPTION WITH ENCRYPTION CERTIFICATE of mail servers don’t have a publicly trusted SSL cert yet, according to Netcraft 82%
  9. 9. Reason #6: HTTPS is Coming to a Domain Near You 56%Use https 46%Participate in the digital analytics program ALL .gov OUT OF 1166 DOMAINS! As of 10/17/16
  10. 10. What Do These Mean? SymbolsThat Are Consistent, Universal, Global, No Learning Curve!
  11. 11. Consistency Matters Copyright © 2014 Symantec Corporation
  12. 12. CASC Predictions Certificate usage will continue to grow6.5 to 7.5M in 12 months Fueled by https initiatives (search ranks, powerful features, negative browser UI) SNI servers will show increased growth SHA-1 usage will decline dramatically (and so will XP!) Phishing using DV certs will continue to increase Chrome will be on the bleeding edge of changes and enforcements IPv6 will finally be adopted for CRL and OCSP lookups
  13. 13. Q&A

×