Google is upgrading all of its SSL certificates to 2048-bit keys by the end of 2013, which will make using its services more private.
The news came after Google’s chairman Eric Schmidt said the company has “a clear business incentive” to protect user privacy. It has been heavily criticised for allegedly doing the opposite in the past, with Microsoft hounding it in “Scroogled” marketing pushes noting how Google looks through people’s personal data for advertising purposes.
Yesterday evening, the tech titan said it would begin switching to the new 2048-bit certificates on 1 August, and its root certificate was included.
There could be some technical issues for software makers hooking up to Google services, the firm admitted, but it has offered advice on its blog.
“Most client software won’t have any problems with either of these changes, but we know that some configurations will require some extra steps to avoid complications,” said Stephen McHenry, director of information security engineering.
“This is more often true of client software embedded in devices such as certain types of phones, printers, set-top boxes, gaming consoles, and cameras.
“For a smooth upgrade, client software that makes SSL connections to Google (e.g. HTTPS) must:
Perform normal validation of the certificate chain;
Include a properly extensive set of root certificates contained. We have an example set which should be sufficient for connecting to Google in our FAQ. (Note: the contents of this list may change over time, so clients should have a way to update themselves as changes occur);
Support Subject Alternative Names (SANs).”
SSL security has been in the spotlight repeatedly in recent times. Many are interested in how the UK government plans to crack SSL communications if it gets the go ahead with its Communications Data Bill, otherwise known as Snoopers’ Charter. The proposed law would give police greater and faster access to citizens’ comms information.
The deep packet inspection technology is available to look into SSL traffic, however. Blue Coat is building up a significant portfolio that can probe encrypted packets travelling over SSL, having just bought Solera Networks, which claims to provide something akin to a digital video recorder (DVR) for the network.
What do you know about Internet security? Find out with our quiz!
OpenAI reportedly begins early talks with California attorney general over complex transition from nonprofit to…
European Commission says it will review Apple's iPad compliance with DMA rules as it seeks…
James Dyson delivers most high-profile criticism so far of Labour's first Budget that raises £40bn…
Nvidia, Meta bring cases before US Supreme Court this month seeking tighter limits on investors'…
Nvidia to replace Intel this week on Dow Jones Industrial Average after years of turmoil…
Joby Aviation and Toyota Motor complete demonstration flight in Shizuoka as companies prepare to bring…