Last year Google proposed marking any and all sites not using SSL in a negative fashion in its Chrome browser. This year they are indicating they plan on moving forward with this:
Google Chrome gets ready to mark all HTTP sites as ‘bad’
To clarify what this means for small content creators… an extra ~$100+ a year for hosting a website, not to mention SSL adds a layer of complexity to the hosting.
If your site houses or manipulates secure data… I get it. You don’t want users shooting their credit card numbers or account passwords across the world wide web unencrypted.
But for a blog, like this one for example, why the punishment?
Part of the issue with SSL security is that it is “tied” to a trusted CA (certificate authority) architecture. I propose Google, or some other intelligent group of folks, come up with a new trusted encryption model that can ensure integrity, confidentiality, and accessibility of secure data and transactions without requiring a centralized trust (i.e. Verisign or other certificate authorities). Why can’t we have distributed trust? We have seen similar distributed approaches in other areas like digital currency (Bitcoin), p2p networking (BitTorrent), and application hosting (Content Delivery Networks). I realize that a distributed model for encryption and security comes with some inherent challenges, but I think it can be done. I believe a centralized trust model is archaic. I would love for some wiser and more intelligent experts to weigh in… What am I missing?
Cheers and happy Friday!
And there we are: https://letsencrypt.org/howitworks/