Wednesday, January 13, 2010
Google has announced that it is to standardise around HTTPS for its web mail service Gmail.
In a blog posting Sam Schillace, Gmail engineering director, said that the company was now turning on HTTPS as standard on the service to encrypt messages being sent into and out of its servers.
“We initially left the choice of using it up to you because there's a downside: https can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data,” he said.
“Over the last few months, we've been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do. We are currently rolling out default https for everyone.”
Google first introduced HTTPS to Gmail in 2008 as an option, and has since been under pressure to roll it out elsewhere. Last year an open letter from security professionals prompted the company to promise HTTPS support on all Google Apps.
Users who are already on HTTPS need do nothing Schillace said, and controls to turn it off were in the settings menu of Gmail.
People using HTTP Gmail offline may experience some problems he said but the company was working on it. In the meantime a Google advisory suggests switching the offline Office applications so that they sync via the HTTPS server.