I'll be sure to stop using it before then. Without an easy and freely available solution to augment millions of urls for https:// they are jumping the gun.

Then you will have to stop using the Internet. IIRC, I read somewhere that Chrome will deprecate non-HTTPS too.
That's why Mozilla, Akamai, Cisco and EFF decided to make https://letsencrypt.org/ which will be launched in mid-2015:

I've used StartSSL for free SSL certificates for years without problem. Let's Encrypt is also due out in the coming months with an automatic process for getting and installing free SSL certs.

Mozilla is only just announcing their intent to do this. It'll probably be a couple of years before it's actually fully implemented.

Which browser are you going to switch to, then? Chrome is going in the same direction, so that's no answer for you...

However, I suspect the solution to your problem will be to just use HTTP over SSL/TLS, but without certificate checking. That's not ideal, of course, since you can't trust that you're talking to the site you want - but it does at least give you transport-level encryption, so that traffic isn't going out in plain text.

You mean something like this: https://letsencrypt.org/?

Or something that exist for year like: http://www.startssl.com/

"Setting a date after which all new features will be available only to secure websites
Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy."

And who is to decide? And privacy violation via SSL/TLS is impossible?


Is it time to deprecate Mozilla Firefox then?
Encryption is a nice thing but the web still consists of a plethora of http sites, some where you even can enter data and transmit in without encryption. But kind of killing off all this to live in a sandbox? Furthermore - "secure" connections tend to overwhelm the user with error messages - messages most people can't understand.
Not all content is encrypted sometimes; e.g. pictures from an ad server. Error message. But which elements are insecure? How do you block them? Are they necessary for the site to work?
Ownership things. Certificate errors in all the colours of the rainbow. How are people to understand this? How are people to decide and solve? Really make the exception permanent? How trustable are CAs? Is self signed of the same value? And so on.

I guess we have challenging times ahead.

Has anybody take into account the use of Firefox as a testing tool for webservices?



What kind of nonsense is this?
It is like allowing only Mercedes brand cars using highways.
What happens to the hundreds of protocols that are transported over HTTP ( webservices etc. ) inside enterprise LANs?
In short, has anybody take into account the use of the browser as a debugging tool for webservices and other protocols?

I do not understand how a closed number of people are going to force the deprecation of so much older protocol, still in the hearth of the Internet core.

This is too good to be true. I like this decision but I really wonder how all the HTTP sites are going to switch to HTTPS.

Has anyone thought about the use of the browser as a debugging tool for XML over http

But what nonsense is this?
It's like allowing only a certain brand of cars using highways.

Has anyone thought about the use of the browser as a debugging tool for webservices, for example?
How many protocols are transported over http today? The so called "whatever-over-http"?

I do not understand how a small group of people intend to make deprecated a protocol that is in the core of the Internet.