INSIDE ‘MOAR TLS’
Transcript of INSIDE ‘MOAR TLS’
![Page 1: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/1.jpg)
INSIDE ‘MOAR TLS’How we think about encouraging external
HTTPS adoption on the web
Emily Schechter, Google
![Page 2: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/2.jpg)
MOVING THE WEB TO HTTPS IS
IMPORTANT
Today’s web has superpowers.
HTTPS protects our data.
![Page 3: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/3.jpg)
MOVING THE WEB TO HTTPS IS
CHALLENGING
“Just get a cert” is not enough for large sites.
Multi-ecosystem changes can’t happen overnight.
![Page 4: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/4.jpg)
JAN 2016
Supports HTTPS 39
Defaults HTTPS 24
HTTPS support on Top 100 sites
![Page 5: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/5.jpg)
JAN 2016 JAN 2017
Supports HTTPS 39 54
Defaults HTTPS 24 44
HTTPS support on Top 100 sites
![Page 6: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/6.jpg)
HOW DID WE GET HERE?What are BROWSERS doing?
WHAT’S LEFT TO DO?How can YOU help?
![Page 7: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/7.jpg)
WHAT ARE BROWSERS DOING?
Removing hurdles preventing HTTPS adoption.
Creating meaningful change with gradual steps.
![Page 8: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/8.jpg)
WHAT ARE BROWSERS DOING?
1. Changing browser UI2. Changing powerful feature support
![Page 9: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/9.jpg)
Not so long ago…Mixed content in Chrome
Mixed content
HTTP
https://mixed.example.com
![Page 10: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/10.jpg)
Current treatment ofHTTP pages in Chrome
![Page 11: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/11.jpg)
Eventual treatment ofHTTP pages in Chrome
![Page 12: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/12.jpg)
Treatment of HTTP pageswith password or credit card inputs
in Chrome
before Chrome 56
Chrome 56
![Page 13: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/13.jpg)
![Page 14: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/14.jpg)
WHAT ARE BROWSERS DOING?
1. Changing browser UI2. Changing powerful feature support
![Page 15: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/15.jpg)
● Service Worker
● Push notifications
● Credit card autofill
● HTTP/2
REQUIRE SECURE CONTEXTS FOR POWERFUL NEW FEATURES.
![Page 16: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/16.jpg)
REQUIRE SECURE CONTEXTS FOR POWERFUL OLD FEATURES.
● Geolocation
● getUserMedia()
● Encrypted Media Extensions
● AppCache
![Page 17: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/17.jpg)
HOW DID WE GET HERE?What are BROWSERS doing?
WHAT’S LEFT TO DO?How can YOU help?
![Page 18: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/18.jpg)
LET’S CHANGE THE WAY
WE TALK ABOUT HTTPS
There are BUSINESS BENEFITS to migrating.
![Page 19: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/19.jpg)
HTTPS IS A BUSINESS CASE
1. Powerful features
2. Performance
3. Perceptions
![Page 20: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/20.jpg)
1. Powerful features
2. Performance
3. Perceptions
HTTPS IS A BUSINESS CASE
![Page 21: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/21.jpg)
FLIPKART.COM
● 70% greater conversion rate
● 3x more time spent on site
● 40% higher re-engagement rate
● 3x lower data usage
![Page 22: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/22.jpg)
1. Powerful features
2. Performance
3. Perceptions
HTTPS IS A BUSINESS CASE
![Page 23: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/23.jpg)
TLS optimizations
● TLS false start
● TLS session resumption
● TLS/1.3
TLS-limited
perf improvements
● HTTP/2
● Service Workers
● Brotli compression
![Page 24: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/24.jpg)
1. Powerful features
2. Performance
3. Perceptions
HTTPS IS A BUSINESS CASE
![Page 25: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/25.jpg)
a. Certificate pricingb. Ad revenue
1. Powerful features
2. Performance
3. Perceptions
HTTPS IS A BUSINESS CASE
![Page 26: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/26.jpg)
a. Certificate pricingb. Ad revenue
1. Powerful features
2. Performance
3. Perceptions
HTTPS IS A BUSINESS CASE
![Page 27: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/27.jpg)
https://letsencrypt.org/2017/01/06/le-2016-in-review.html
Let’s Encrypt 2016 Year in Review
![Page 28: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/28.jpg)
a. Certificate pricingb. Ad revenue
1. Powerful features
2. Performance
3. Perceptions
HTTPS IS A BUSINESS CASE
![Page 29: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/29.jpg)
Requests to Google Ads servers over HTTPS
Jan 2014 Jan 2015 Jan 2016 Jan 2017
g.co/https. Approximate # of requests that represents most of Google Advertising traffic
![Page 30: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/30.jpg)
1. Powerful features
2. Performance
3. Perceptions
HTTPS IS A BUSINESS CASE
![Page 31: INSIDE ‘MOAR TLS’](https://reader031.fdocuments.in/reader031/viewer/2022012511/618959cfad0a1c7ae6411701/html5/thumbnails/31.jpg)
So spread the word and migrate to HTTPS.
ECOSYSTEM CHANGES
ARE A TEAM EFFORT.