Google launches SSL encrypted searches

[jes]

Google launches SSL encrypted searches

Google recently launched its search over SSL service, providing an end-to-end encrypted search solution

 

[BobsLawnService]

If by recently you mean a year ago then yes.

 

[nelwa]

I don't get how google can't simply just add an SSL certificate to their normal url's, why do you need to visit encrypted.google.com?

 

[BobsLawnService]

Https://www.google.com also works.

 

[bonga86]

Encrypted connections between 2 nodes, nothing new here. Its probably very complex at that level but did they really need to create a completely separate domain from the ones we are are already used. Something like https://www.gooogle.co.za and why is the no https://encrypted.google.co.za

 

[bonga86]

Https://www.google.com also works.

Okay, just checked that out but it seems the regional is not setup for SSL https://www.google.co.za ?

 

[BobsLawnService]

The prefix is great from a usability perspective because it makes it much easier to determine that you are using the encrypted site at a glance.

 

[tortured]

nevermind

 

[rorz0r]

Ohhhkay... Been using https for a while now.

 

[grimd5]

been using google on local since 01-05-2010

 

[MoHaG]

Encrypted connections between 2 nodes, nothing new here. Its probably very complex at that level but did they really need to create a completely separate domain from the ones we are are already used. Something like https://www.gooogle.co.za and why is the no https://encrypted.google.co.za

they initially had it that way, but that meant that companies / schools couldn't block ssl search without also blocking gmail /google apps logins, etc... (putting some google apps deals with schools at risk which also want to block students from searching for some terms)

(The exact details are in a blog post somewhere on the google blog)

 

[MoHaG]

Okay, just checked that out but it seems the regional is not setup for SSL https://www.google.co.za ?

It seem that regional ssl sites are planned for later (read the google blog...)

 

[who.is.michael]

no https://encrypted.google.ca either... :-(

 

[xrapidx]

How is it secure if the URL still has the search string?

 

[MoHaG]

How is it secure if the URL still has the search string?

HTTPS URLs are not visible across the network.

For acccessing https://www.google.com/?q=test, the following happens:
1. Connect to www.google.com port 443. (CONNECT request if (http) proxy is involved, direct TCP otherwise)
2. Negotiate SSL and establish encrypted conenction (not sure about details here)
3. Send request (GET https://www.google.com/?q=test) to server and wait for response over connection

For normal HTTP, the GET is send directly to the proxy or over the unencrypted conenction to the server.

 

[xrapidx]

hmmm - ok - thanks... studied this crap almost 10 years ago... obviously lost on me already