Must have SSL or dedicated IP address?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Must have SSL or dedicated IP address?

Christian Trujillo
I am a web developer and I was talking with a hosting provider we use for
marketing sites and blogs, as we were discussing opening a new account we
were told that google was looking at enforcing SSL or a dedicated IP
address on each site otherwise you would be penalized.

As I was doing more research on this I found this article:

https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure


If this is real and google will serously enforce this and penilize sites in
my opinion it would be the STUPIDIEST (sorry) thing google has ever done.

The reason why google's search engine is so big and popular as we all know,
is for the quality of the results shown. This results are based on content
and relevance. There are millions of website which contain the answers the
user is looking for and most all of them dont have the budget to pay for an
SSL cert a year.
Google will loose this sites, its credibility and quality of results. I
would personally move to Bing and will make sure to explain all my
followers why.

I cannot believe this is being considered.


THIS COMMUNICATION IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY
TO WHICH IT IS ADDRESSED AND CONTAINS OR MAY CONTAIN INFORMATION THAT IS
PRIVILEGED, CONFIDENTIAL OR EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW. If
the reader of this communication is not the intended recipient (or the
employee or agent responsible for delivering to the intended recipient),
you are hereby notified that any dissemination, distribution, or copying of
this communication is strictly prohibited. If you have received this
communication in error, please disregard and delete this communication, and
do not disseminate or retain any copy of this communication.
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Must have SSL or dedicated IP address?

Vincent Lynch
Google has never announced that there will be a penalty for sites that are
not using SSL. They have only announced that SSL will be a *small* boost to
rankings.

The word "penalty" does not appear anywhere on the page you linked.

SSL certificates are available for free through multiple providers. Let's
Encrypt (www.letsencrypt.org) is the most popular of the free providers.

(I am not affiliated with Google)

-Vincent

On Thursday, September 15, 2016, Christian Trujillo <
[hidden email]> wrote:

> I am a web developer and I was talking with a hosting provider we use for
> marketing sites and blogs, as we were discussing opening a new account we
> were told that google was looking at enforcing SSL or a dedicated IP
> address on each site otherwise you would be penalized.
>
> As I was doing more research on this I found this article:
>
> https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
>
>
> If this is real and google will serously enforce this and penilize sites
> in my opinion it would be the STUPIDIEST (sorry) thing google has ever
> done.
>
> The reason why google's search engine is so big and popular as we all
> know, is for the quality of the results shown. This results are based on
> content and relevance. There are millions of website which contain the
> answers the user is looking for and most all of them dont have the budget
> to pay for an SSL cert a year.
> Google will loose this sites, its credibility and quality of results. I
> would personally move to Bing and will make sure to explain all my
> followers why.
>
> I cannot believe this is being considered.
>
>
> THIS COMMUNICATION IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR
> ENTITY TO WHICH IT IS ADDRESSED AND CONTAINS OR MAY CONTAIN INFORMATION
> THAT IS PRIVILEGED, CONFIDENTIAL OR EXEMPT FROM DISCLOSURE UNDER APPLICABLE
> LAW. If the reader of this communication is not the intended recipient (or
> the employee or agent responsible for delivering to the intended
> recipient), you are hereby notified that any dissemination, distribution,
> or copying of this communication is strictly prohibited. If you have
> received this communication in error, please disregard and delete this
> communication, and do not disseminate or retain any copy of this
> communication.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Security-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [hidden email]
> <javascript:_e(%7B%7D,'cvml','security-dev%[hidden email]');>.
>


--
Vincent Lynch
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Must have SSL or dedicated IP address?

Emily Schechter
Per the response on the bug -- to be clear, this change is strictly about
how the Chrome browser UI indicates the status of a page you're on (i.e.
the lock icon next to HTTPS in the URL bar).

On Thu, Sep 15, 2016 at 3:41 PM, Vincent Lynch <[hidden email]> wrote:

> Google has never announced that there will be a penalty for sites that are
> not using SSL. They have only announced that SSL will be a *small* boost to
> rankings.
>
> The word "penalty" does not appear anywhere on the page you linked.
>
> SSL certificates are available for free through multiple providers. Let's
> Encrypt (www.letsencrypt.org) is the most popular of the free providers.
>
> (I am not affiliated with Google)
>
> -Vincent
>
> On Thursday, September 15, 2016, Christian Trujillo <
> [hidden email]> wrote:
>
>> I am a web developer and I was talking with a hosting provider we use for
>> marketing sites and blogs, as we were discussing opening a new account we
>> were told that google was looking at enforcing SSL or a dedicated IP
>> address on each site otherwise you would be penalized.
>>
>> As I was doing more research on this I found this article:
>>
>> https://www.chromium.org/Home/chromium-security/marking-http
>> -as-non-secure
>>
>>
>> If this is real and google will serously enforce this and penilize sites
>> in my opinion it would be the STUPIDIEST (sorry) thing google has ever
>> done.
>>
>> The reason why google's search engine is so big and popular as we all
>> know, is for the quality of the results shown. This results are based on
>> content and relevance. There are millions of website which contain the
>> answers the user is looking for and most all of them dont have the budget
>> to pay for an SSL cert a year.
>> Google will loose this sites, its credibility and quality of results. I
>> would personally move to Bing and will make sure to explain all my
>> followers why.
>>
>> I cannot believe this is being considered.
>>
>>
>> THIS COMMUNICATION IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR
>> ENTITY TO WHICH IT IS ADDRESSED AND CONTAINS OR MAY CONTAIN INFORMATION
>> THAT IS PRIVILEGED, CONFIDENTIAL OR EXEMPT FROM DISCLOSURE UNDER APPLICABLE
>> LAW. If the reader of this communication is not the intended recipient (or
>> the employee or agent responsible for delivering to the intended
>> recipient), you are hereby notified that any dissemination, distribution,
>> or copying of this communication is strictly prohibited. If you have
>> received this communication in error, please disregard and delete this
>> communication, and do not disseminate or retain any copy of this
>> communication.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Security-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [hidden email].
>>
>
>
> --
> Vincent Lynch
>
> --
> You received this message because you are subscribed to the Google Groups
> "Security-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [hidden email].
>
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security
Loading...