Recommended Posts

James    6

Symantec wants to see 100% of legitimate websites secured by 2018, and Encryption Everywhere was developed to support that goal. Encryption Everywhere is a website security package available through web hosting providers offering basic website encryption included as part of any hosted service, and a number of premium security packages with increasingly stronger levels of website validation, protection, and trust seals.

Roxane Divol, senior vice president and general manager, Website Security, Symantec says “There are almost a billion web sites today, yet only about 3% of those sites are encrypted.”

Mike MacCana, founder at CertSimple says “We announced it in November, but now it’s official: Symantec is the first of the large CAs to be providing DV certs for free. There will be at least one other major CA that will announce the same thing.”

 

Share this post


Link to post
Share on other sites
rugk    5
On 12.7.2016 at 1:26 PM, James said:

“There are almost a billion web sites today, yet only about 3% of those sites are encrypted.”

Which is completly wrong as Let's Encrypt shows based on Mozilla Telemetry (for pageloads here).

 

On 12.7.2016 at 1:26 PM, James said:

Symantec is the first of the large CAs to be providing DV certs for free.

Also wrong. Let's Encrypt is the first CA and if you want to count StartCom as a "large CA" StartSSL is the first. Let's Encrypt itself is already among at largest CAs. (I cannot find a source right now through...)
But maybe, they meant "traditional CAs" or something like this. ;)

BTW: It is also stupid of Symantec that they charge for ECC certs.

 

Regarding the CertSimple post:

Quote

There's so much Symantec could do here but isn't:  [...] Handling CSP and XSS warnings

This is completely unrelated to HTTPS, so I don't understand what they want to suggest there. Additionally are CSP and XSS in this context the same, maybe they rather meant CSP and HPKP warnings... (which would at least somehow related to HTTPS, but would still does not make sense for a CA)

Edited by rugk
  • Like 1

Share this post


Link to post
Share on other sites
James    6

That’s really interesting. How (or indeed why) can Symantec be so wrong on their stats? They have just launched their Encryption Everywhere service so you would have thought they would have done their homework and yet the headline still says 97% are unencrypted.

For reference this is what Let’s Encrypt said (your link) last month (June 2016): ‘When we launched in December of 2015, 39.5% of page loads on the Web used HTTPS (as measured by Firefox Telemetry). By mid-April 2016 that number was up to 42% and today it stands at 45%.’

Share this post


Link to post
Share on other sites
rugk    5
6 hours ago, James said:

why can Symantec be so wrong on their stats?

Marketing?

I mean they provided no sources, ...

But it seems they measured websites, whereas LE measures page loads, which show a bit more realistic scenario as I assume there are millions of unused or tiny websites, which do not get any visitors at all.

Share this post


Link to post
Share on other sites
James    6

Hmm, I suppose if you count page loads then heavy hitters like Google, Facebook and Twitter will swamp the data.

It appears that the more popular the site, the more likely it is to have HTTPS.

July 20, 2016, 10.6% of Alexa top 1,000,000 websites use HTTPS as default.
https://statoperator.com/research/https-usage-statistics-on-top-websites/

July 6, 2016, 40.5% of the Internet's 140,132 most popular websites have a secure implementation of HTTPS.
https://www.trustworthyinternet.org/ssl-pulse/

Share this post


Link to post
Share on other sites
James    6

The SSL Store is now reselling Symantec’s Encryption Everywhere. Although their marketing seems to suggest they think the main benefit is upselling rather than the service itself: “This new program allows web hosts to bundle entry-level encryption to ALL hosting packages and then implement structured & proven upsell paths!”

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now