Google is upgrading all of its SSL certificates to 2048-bit keys by the end of 2013, which will make using its services more private.
The news came after Google’s chairman Eric Schmidt said the company has “a clear business incentive” to protect user privacy. It has been heavily criticised for allegedly doing the opposite in the past, with Microsoft hounding it in “Scroogled” marketing pushes noting how Google looks through people’s personal data for advertising purposes.
Yesterday evening, the tech titan said it would begin switching to the new 2048-bit certificates on 1 August, and its root certificate was included.
There could be some technical issues for software makers hooking up to Google services, the firm admitted, but it has offered advice on its blog.
“Most client software won’t have any problems with either of these changes, but we know that some configurations will require some extra steps to avoid complications,” said Stephen McHenry, director of information security engineering.
“This is more often true of client software embedded in devices such as certain types of phones, printers, set-top boxes, gaming consoles, and cameras.
“For a smooth upgrade, client software that makes SSL connections to Google (e.g. HTTPS) must:
Perform normal validation of the certificate chain;
Include a properly extensive set of root certificates contained. We have an example set which should be sufficient for connecting to Google in our FAQ. (Note: the contents of this list may change over time, so clients should have a way to update themselves as changes occur);
Support Subject Alternative Names (SANs).”
SSL security has been in the spotlight repeatedly in recent times. Many are interested in how the UK government plans to crack SSL communications if it gets the go ahead with its Communications Data Bill, otherwise known as Snoopers’ Charter. The proposed law would give police greater and faster access to citizens’ comms information.
The deep packet inspection technology is available to look into SSL traffic, however. Blue Coat is building up a significant portfolio that can probe encrypted packets travelling over SSL, having just bought Solera Networks, which claims to provide something akin to a digital video recorder (DVR) for the network.
What do you know about Internet security? Find out with our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…