Google plans to use Chrome as a tool to reform the Web by encouraging use of a technology the company says will reduce data-transfer delays.
The technology, called False Start, has the potential to reduce one round of back-and-forth communications between a browser and a Web server when establishing an encrypted connection. That's a significant time savings--about 7 hundredths of a second for communication across the United States and 1.5 tenths of a second from California to Europe.
Even better, unlike many protocol improvements that could improve communications, it doesn't even require changes on both sides of the network connection. Only the browser needs to be changed, according to False Start co-author Adam Langley. (Update 3:25 p.m. October 6: Link is no longer available.) Naturally, Google has begun building False Start into its Chrome browser, judging by a Chrome command-line switch that lets Chrome users disable it.
Great, right? Free speed for everyone! Well, actually, there's a catch.
"We are aware that this change will cause issues with about 0.05 percent of Web sites on the Internet," Langley said in a blog post. (Update 3:25 p.m. October 6: Link is no longer available.)
In follow-up information, Google said the change will affect only 0.05 percent of Web sites encrypted with SSL/TLS, not 0.05 percent of the entire Internet.
Rather than let the issue slide, Google sees an opportunity to fix something it thinks is wrong with the Web.
"Chrome still carries an idealism that means that we're going to try to make low-level changes and try to make them work," not just try to gloss over them with higher-level interfaces, he said.
Accordingly, Chrome will be endowed with a blacklist to disable the False Start acceleration feature for sites where it wouldn't work, and Google will try to reach those sites to encourage upgrades, he said. At present Chrome's list of blacklisted sites includes 661 sites.
Google can use the approach to discourage new Web sites from following in their predecessors' footsteps and ending up with the same problem, Langley said:
"Blacklisting gives us two advantages. Firstly, it limits the accumulation of new problematic websites. Sites which have never worked are a very different case from sites which used to work.
"Secondly, we can contact the problematic sites in question. We already have a good idea of where the problem lies with many of them and we're in contact with the stakeholders to plan a way forward."
It's possible Google's plan might ruffle some feathers, but the company is only trying to get Web sites to catch up with browser communication encryption technology that was standardized nearly 12 years ago, he said.
Specifically, the problem stems from the transition to an encryption technology called Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL). This is the technology that's used to curtail snooping of communications with banks and e-commerce sites.
During the transition to TLS 1.0, Web browsers were set up to fall back to the earlier SSL 3.0 standard for Web sites that weren't upgraded. But it turns out that old technology lingers on, and the fallback is what causes problems with False Start TLS.
"It was assumed that the problematic Web servers could be fixed in a few years and the fallback could be removed," Langley said. "Twelve years later, the fallback is in robust health and still adding complexity. A security update to TLS earlier this year was made much more complex by the need to account for SSLv3 fallback. The operators of the problematic Web servers are largely unaware of the problems that they are causing and have no incentive to change in any case."
Being blacklisted by Chrome could be that very incentive.
"Blacklists require effort to maintain, and we'll have to be responsive to make it work," but the fast-moving Chrome team is up to the challenge, said Langley. "With our near-weekly dev channel and even more frequently updated Canary channel, we think that we can do it."
Corrected 12 p.m. PDT October 6: to reflect that 0.05 percent of sites encrypted with SSL/TLS and with valid certificates are affected.