Google is upgrading all of its SSL certificates to 2048-bit keys by the end of 2013, which will make using its services more private.
The news came after Google’s chairman Eric Schmidt said the company has “a clear business incentive” to protect user privacy. It has been heavily criticised for allegedly doing the opposite in the past, with Microsoft hounding it in “Scroogled” marketing pushes noting how Google looks through people’s personal data for advertising purposes.
Yesterday evening, the tech titan said it would begin switching to the new 2048-bit certificates on 1 August, and its root certificate was included.
There could be some technical issues for software makers hooking up to Google services, the firm admitted, but it has offered advice on its blog.
“Most client software won’t have any problems with either of these changes, but we know that some configurations will require some extra steps to avoid complications,” said Stephen McHenry, director of information security engineering.
“This is more often true of client software embedded in devices such as certain types of phones, printers, set-top boxes, gaming consoles, and cameras.
“For a smooth upgrade, client software that makes SSL connections to Google (e.g. HTTPS) must:
Perform normal validation of the certificate chain;
Include a properly extensive set of root certificates contained. We have an example set which should be sufficient for connecting to Google in our FAQ. (Note: the contents of this list may change over time, so clients should have a way to update themselves as changes occur);
Support Subject Alternative Names (SANs).”
SSL security has been in the spotlight repeatedly in recent times. Many are interested in how the UK government plans to crack SSL communications if it gets the go ahead with its Communications Data Bill, otherwise known as Snoopers’ Charter. The proposed law would give police greater and faster access to citizens’ comms information.
The deep packet inspection technology is available to look into SSL traffic, however. Blue Coat is building up a significant portfolio that can probe encrypted packets travelling over SSL, having just bought Solera Networks, which claims to provide something akin to a digital video recorder (DVR) for the network.
What do you know about Internet security? Find out with our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…