June 26, 2009

Dear Signatories:

Thank you for your letter dated June 16, 2009 concerning our use of HTTPS encryption technology in Google services, such as Gmail, Google Docs, and Google Calendar. As we mentioned in our blog post published on June 16 on the Google Online Security Blog, we're always looking at ways to help make the web more secure and more useful. We understand that you were pleased with our response, and we join you in your hope that other companies will also take steps to provide HTTPS options to their users.

Google has long demonstrated a focus on strong security in web applications, and we have been an industry leader in the HTTPS offerings we present to our users. As you mention in your letter, most providers of major web services — including Yahoo! Mail, Microsoft Hotmail, Facebook, and MySpace — offer less consistent or no HTTPS support for the whole time their users are accessing the service despite serving the majority of webmail users. By contrast, Gmail has provided free HTTPS since we launched the service in 2004. Typing https:// into the browser address bar or setting a bookmark instructs Gmail — or Google Docs or Google Calendar — to use HTTPS. In 2008 we improved our HTTPS support for Gmail users by adding a feature to the Gmail Settings page to give users a choice to keep HTTPS always on for their Gmail account. We are not aware of any other major provider of free webmail that has given all of their users the option of turning on HTTPS by default.

One of the key recommendations of your letter was that we should turn on HTTPS by default for all users of Gmail and other Google services. HTTPS is a subject that we have given a lot of thought, as evidenced by the atypically robust level of HTTPS support we already offer. While we think we've made good progress with our HTTPS options in Gmail, we know there is room to possibly offer more for some of our other products. Ideally, we'd like to provide HTTPS by default for all connections, but for now we need to investigate the ways to reduce performance impact for users since HTTPS can in some cases make web applications slower. At this stage, we stress the value of giving users the choice to enable HTTPS.

We agree it's important to continue to push for more adoption of HTTPS. Since long before we received your letter we have been considering the possibility of offering an HTTPS default setting as an option for users of some of our other services. As we mentioned in our blog post, we're planning a trial in which we'll move small samples of different types of Gmail users to HTTPS to see what their experience is, and whether it affects the performance of their email. We feel we need to more completely understand the impact of HTTPS on our users' experience, analyze the data from trials and experiments, and make sure we aren't introducing negative effects. In the absence of such negative effects or other complications, we intend to turn on HTTPS by default more broadly — hopefully for all Gmail users, and possibly for users of other applications like Google Docs and Google Calendar.

We'd like to clarify a point that was characterized incorrectly in your letter. Contrary to your claims, a cookie from Docs or Calendar doesn't give access to a Gmail session. The master authentication cookie is always sent over HTTPS — whether or not the user specified "always use HTTPS" for their Gmail account.

Ultimately, we feel it's important to keep in mind that HTTPS is not a silver bullet for web security. No single company can make email across the Internet secure. While HTTPS can provide good protection for communication between a user and their mail provider, it cannot guarantee the security of the rest of the path the email travels during delivery. We want to enable users to take advantage of HTTPS for their email, but we are concerned that an overemphasis on HTTPS may lead people to believe that use of HTTPS means zero risk of emails being intercepted as they travel to other parts of the Internet.

At Google, we are always looking for ways to improve the services we provide our users and to help make the web more secure. We appreciate the interest and feedback from the research community, and we welcome helpful discussion of issues that will further these goals. We can all agree that HTTPS can provide real benefits. As we push to determine how we can best support HTTPS in our individual products and services, we will continue to encourage the broad use of HTTPS in web services across the industry.

Sincerely,

Alma Whitten
Software Engineer, Security and Privacy
Google Inc.

Copy of Response to HTTPS Letter
