Thank you Google for adding HTTPS-only browsing
Last week I asked the browser companies of the world (Microsoft, Mozilla, Apple, and Google) to add an HTTPS-only web browsing mode, which I called “mandatory SSL” (also posted here on CircleID). This week, Google added HTTPS-only web browsing to the alpha version of Chrome 2.0. I have no idea if I had any influence on this, but I want to congratulate the Google Chrome developers on taking security seriously.
Now if they’ll implement my DNS recommendations, which automate this on the server end, I’ll be even happier. Right now, the HTTPS-only whitelist that Google supports in Chrome 2.0 alpha is still a manual procedure that requires too much user intervention and benefits only a very small percentage of the population. If a site like Google would publish a custom record in DNS telling clients to switch automatically to HTTPS-only mode for services like GMail and to keep that secure setting persistent even if a future rogue DNS server said otherwise, that would benefit 100% of the population.
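The persistence rule described above, as an added example (not code from this post or from Chrome): once a host has advertised HTTPS-only, a later DNS answer that lacks the record must not downgrade it. The TXT marker `https-only=1` and the `HttpsOnlyStore` class are hypothetical, since the post does not define a record format, and the store is kept in memory here where a browser would write it to disk.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical TXT record value; the post does not define a record format.
HTTPS_ONLY_MARKER = "https-only=1"


class HttpsOnlyStore:
    """Client-side memory of hosts that have ever advertised HTTPS-only."""

    def __init__(self):
        self._pinned = set()

    @staticmethod
    def _norm(host):
        return host.lower().rstrip(".")

    def observe_dns(self, host, txt_records):
        """Pin the host if the marker is present; absence never clears a pin."""
        if HTTPS_ONLY_MARKER in txt_records:
            self._pinned.add(self._norm(host))

    def is_pinned(self, host):
        return self._norm(host) in self._pinned

    def rewrite(self, url):
        """Upgrade http:// URLs for pinned hosts; leave everything else alone."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_pinned(parts.hostname or ""):
            return url
        netloc = parts.netloc
        if parts.port == 80:
            # Drop an explicit :80 so the HTTPS default port applies.
            netloc = netloc.rsplit(":", 1)[0]
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def demo():
    store = HttpsOnlyStore()
    # Constructed lookups: the first answer carries the record, the second
    # simulates a rogue resolver that strips it.
    store.observe_dns("mail.example.com", ["v=spf1 -all", "https-only=1"])
    store.observe_dns("mail.example.com", [])
    return store.rewrite("http://mail.example.com:80/inbox?x=1")


if __name__ == "__main__":
    print(demo())
```

The pin only protects a client after one untampered lookup; a resolver that is rogue on first contact can simply withhold the record.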
Hopefully in the 2.0 release it will have auto mode.