News last week about Google Chrome and their intention to make it faster still… at the expense of security. I’m not sure I agree with this line of thinking. Basically the article talks about how Google are going to stop checking for revoked SSL certificates because it slows down the web browser too much. Other main vendors Microsoft and Mozilla are not at this point following in this course of action. The certificate revocation is designed to ensure that when you got to a website, the SSL certificate is in fact valid and not been revoked by the Certification Authority. A revoked certificate normally happens when hackers have gained control over the SSL certificate and the entire mechanism is designed to protect you. Google on the other hand have decided that speed is more important than security. Yes – speed is important, but not at the expense of security. There are other mechanisms in place such as DNSSEC which are designed to help ensure that you are going to the websites you think you are, but they are in their infancy. If Google were to implement this change further down the track once DNSSEC was widely used, then it might be acceptable. To do so now is reckless.
I may well be wrong too you know… I don’t know everything but based on what I do know, I’m even more concerned about using Google Chrome for ANYTHING.