Welcome to WebmasterWorld Guest from 22.214.171.124
Given the current interest it seems like a good time to talk about two projects in which Google is engaged.
The first is the Google Certificate Catalog. Googleís web crawlers scan the web on a regular basis in order to provide our search and other services. In the process, we also keep a record of all the SSL certificates we see. The Google Certificate Catalog is a database of all of those certificates, published in DNS.
The second initiative to discuss is the DANE Working Group at the IETF. DANE stands for DNS-based Authentication of Named Entities. In short, the idea is to allow domain operators to publish information about SSL certificates used on their hosts. It should be possible, using DANE DNS records, to specify particular certificates which are valid, or CAs that are allowed to sign certificates for those hosts. So, once more, if a certificate is seen that isnít consistent with the DANE records, it should be treated with suspicion. Related to the DANE effort is the individually contributed CAA record, which predates the DANE WG and provides similar functionality.
Improving the public key infrastructure of the web is a big task and one thatís going to require the cooperation of many parties to be widely effective. We hope these projects will help point us in the right direction.
Hey, didn't crobb mention in one of the posts that SSL certificates may be a factor in the recent update?
SSL is not needed unless you have some kind of privacy or online transaction on the site. HTTPS is often only "engaged" when on the "privacy" part of the web site - ie entering personal/card payment or similar details.
There is no reason why (eg) a virus-serving site, scammer or content thief cannot obtain a valid certificate.
I accept SSL certs MAY show an improved trust but the vast majority of web sites use virtual servers on a common IP