

Google May Push Sites to Use Encryption - mdesq
http://blogs.wsj.com/digits/2014/04/14/google-may-push-sites-to-use-encryption/

======
mark_l_watson
I have mixed feelings about this: any site that has input forms, handles user
data, etc. should use the HTTPS protocol.

However, for static content only sites, what is the point?

~~~
pdkl95
Encryption of _everything_ has a few important benefits:

1) It effectively ends the ability to run _passive_ mass-eavesdropping
devices. Even without checked authenticity, you still force anybody trying to
listen in to run a more expensive (in both money and CPU) MitM attack.
Changing costs from "deploy once and record everybody" to "pay per-target" is
huge.

2) We need to normalize (socially) the use of encryption in general, so the
people that DO need it don't look suspicious. To paraphrase Phil
Zimmermann[1], what you're sending may be simply a holiday greeting-card, but
you still put it in an _envelope_.

[1]
[http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html](http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html)

~~~
mark_l_watson
Thanks for that. I now agree with you.

------
junto
Google should set themselves up as a StartSSL competitor. Free SSL certs for
everyone in an easy to use interface.

For anyone who wants more than 3 then they have to pay a fee.

