Google Enables Forward Secret HTTPS for Google+, Search, Gmail
Google enables forward secure HTTPS encryption for its key Web services and advises other major Websites to thwart hackers from engaging in retrospective decryption.Like Fox Mulder in the "X-Files," Google (NASDAQ:GOOG) is fighting the future when it comes to securing email search and other Web services.
The search engine provider, which last month made HTTPS encryption its default security mode for search, Nov. 22 said it has added forward secret HTTPS for Google+, Gmail, SSL Search and Docs, paving the way for more secure Web services in the future.
Google Security team member Adam Langley also said Google has released the work that it did on the open-source OpenSSL library that led to forward secrecy HTTPS encryption.
"We would very much like to see forward secrecy become the norm and hope that our deployment serves as a demonstration of the practicality of that vision," added Langley, who provided more detail of Google's security move on his personal blog. Google's security team has been very active in trying to thwart some of the more mainstream attacks on its Web services. Google in April began work on two security projects to improve the public key infrastructure, which was rocked by the Comodo digital certificate spoofing incident in March.
The Google Certificate Catalog is a database of all of the SSL certificates Google's Web crawlers record in the DNS for the company's search engine and Web services. The DANE Working Group at the IETF is intended to allow domain operators to publish information about SSL certificates used on their hosts.