Mozilla Start Drafting Plans To Deprecate Insecure HTTP
Richard Barnes of Mozilla's Security Engineering team is calling for the deprecation of insecure HTTP.
Barnes is hoping for more people to move to HTTPS by limiting new browser features from becoming available over insecure HTTP, in the name of security. He wrote in a mailing list post, "In order to encourage web developers to move from HTTP to HTTPS, I would like to propose establishing a deprecation plan for HTTP without security. Broadly speaking, this plan would entail limiting new features to secure contexts, followed by gradually removing legacy features from insecure contexts. Having an overall program for HTTP deprecation makes a clear statement to the web community that the time for plaintext is over -- it tells the world that the new web uses HTTPS, so if you want to use new things, you need to provide security."
There's also this Google Doc outlining their initial plans for beginning to deprecate insecure HTTP at Mozilla. This mailing list post was just issued a short time ago and is trying to see if the Mozilla community is interested in this plan and whether other web-browsers, etc, would also approve of deprecating insecure HTTP.
Barnes is hoping for more people to move to HTTPS by limiting new browser features from becoming available over insecure HTTP, in the name of security. He wrote in a mailing list post, "In order to encourage web developers to move from HTTP to HTTPS, I would like to propose establishing a deprecation plan for HTTP without security. Broadly speaking, this plan would entail limiting new features to secure contexts, followed by gradually removing legacy features from insecure contexts. Having an overall program for HTTP deprecation makes a clear statement to the web community that the time for plaintext is over -- it tells the world that the new web uses HTTPS, so if you want to use new things, you need to provide security."
There's also this Google Doc outlining their initial plans for beginning to deprecate insecure HTTP at Mozilla. This mailing list post was just issued a short time ago and is trying to see if the Mozilla community is interested in this plan and whether other web-browsers, etc, would also approve of deprecating insecure HTTP.
45 Comments