In a letter published Wednesday by an official with the Internet Engineering Task Force (IETF), a proposal to encrypt the world’s communications using the popular HTTPS protocol came shortly after documents leaked by Edward Snowden raised concerns about government surveillance of internet communications.
Despite these revelations, websites operated by Yahoo, the federal government, and others continue to publish the majority of their pages in plaintext format, one that easily can be picked up and read by government spies or anyone else who has access to the network the traffic passes over. The implications of the technology required to make this idea a reality are somewhat staggering, but representatives from various internet search firms have voiced their support for the plan and have suggested it is still possible as long as everyone is wiling to throw the weight of their collective servers behind the project.
They’ve made it clear that HTTPS would be far simpler to operate for the millions of websites who will eventually require it as a part of their daily operations and interactions with users, however it’s this same level of simplicity that also makes it easier to crack for anyone who might be poking in on the other end. On the other hand, HTTP 2.0 is considering to be the safer option with a lesser chance of exploitation by man-in-the-middle attacks, but would cost significantly more to implement and could cause complications for anyone not 100% up to snuff when it comes to programming and managing the backend properly.
The HTTPbis Working Group, the IETF body tasked with designing the next-generation HTTP 2.0 specification, is suggesting that encryption be the default way data is transferred over the open net.
“There seems to be strong consensus to increase the use of encryption on the Web, but there is less agreement about how to go about this,” Mark Nottingham, chair of the HTTPbis working group, wrote in Wednesday’s letter.
To top it off, the letter makes no attempts to address the obvious concern that even with increased security on the connections themselves, all it would take is one corrupted certificate out of the nearly 500 that are handed out from dozens of agencies around the glob to compromise the sanctity of the entire system. Unfortunately the letter didn’t propose alternatives to the largely broken TLS system, such as the one dubbed Trust Assertions for Certificate Keys, which was conceived by researchers Moxie Marlinspike and Trevor Perrin earlier this year.
Whichever protocol is eventually adopted by the web, you can be sure the most effective method of encrypting your traffic at home is by using a virtual private network. With dozens of available options to choose from, finding the one that’s right for you can seem like a daunting task, but thanks to our handy providers list, you can go through a variety of options to pick the one that fits your needs best.