Announcement

Collapse
No announcement yet.

Mozilla Start Drafting Plans To Deprecate Insecure HTTP

Collapse
X
Collapse
 
  • Page of 5
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 template Next
  • #21
    Originally posted by fguerraz View Post
    just let people use SSL if they want to.
    Indeed, nobody should dictate what security is or isn't. However, people do like boss others around... gives them a sense of power.

    I mean, what if I decide that Firefox is a security nightmare, should I make sure that if it's found on (for example) Linux, that it gets automatically destroyed? Thus setting a security policy that browsers are "ok", just not Firefox. Makes about as much sense.

    Comment

    • #22
      I won't run any browser that blocks self-signed certs and can't be overrridden

      Originally posted by Szzz View Post
      Right now the only requirement to run a website is to have a white ip address (even this is optional). Domain name and certificate are optional. They want certificate to be a requirement, this is not acceptable. I'm for more security and encryption but I'm against removing choise.
      Since I routinely use websites with self-signed certificates, if Firefox ever blocks these with no option to override I won't install that version.

      Comment

      • #23
        Originally posted by fguerraz View Post
        I want HTTP and HTTP/2 without the need for SSL.
        Tough luck. Both Mozilla and google indicated they don't plan on implementing TLS-free HTTP/2.

        As long as you can use self-signed certs, you're all right. There are many (crappy) free certificate providers, plus an accepted community driven one (cacert.org). I personally see this as a step in the right direction.

        just let people use SSL if they want to.
        I'd turn that around : "just let people not use SSL if they don't want to". SSL should be the default. Plaintext should be as a last resort. Hell even my personal server has certificates and SSL only connections.

        Comment

        • #24
          Originally posted by uid313 View Post
          Yeah, and deprecate anonymity too.
          In the future everyone who published any content on the web must use HTTPS and provide their data to government. No anonymous blogging for you!
          If you have an opinion, we want to know who you are and where you live!
          Anonymity is already Mostly DeadTM. If you know where to get a Miracle Pill for it, I'm all ears.

          Comment

          • #25
            Just a reminder, Let's Encrypt will launch this year, meaning you can get CA backed certs that work across all browsers for free without usage restrictions.

            Comment

            • #26
              Did... did anybody actually READ the article? Aside from the clickbait (and completely wrong) title, I mean.

              Some member posted an RFC to the mailing list detailing HIS (not Mozilla's) plans for depreciating features on HTTP. As in, Mozilla as a whole hasn't agreed to this, no code has been written, nothing.
              Just jump on the mailing list and say you oppose it, it's that simple.

              Comment

              • #27
                Originally posted by Daktyl198 View Post
                Did... did anybody actually READ the article? Aside from the clickbait (and completely wrong) title, I mean.

                Some member posted an RFC to the mailing list detailing HIS (not Mozilla's) plans for depreciating features on HTTP. As in, Mozilla as a whole hasn't agreed to this, no code has been written, nothing.
                Just jump on the mailing list and say you oppose it, it's that simple.
                Whatever Mozilla decides they need to address the absolute pig that is 37.0.1 that eats the main core on an 8 Core FX-8350 routinely with Amazon.com.

                Turning off HTTPS extension helps for about 5 minutes, then the 4 tabs turns into about 1.5GB and 106% CPU main core hogging.

                I'm waiting on Debian to get GNOME 3.16 up so I can use Epiphany with WebKitGTK+ 2.8. That of course has issues I pointed out to Debian, including the fact their GStreamer 1.5 isn't correct and WebKit Trunk craps the bed until they fix it.

                Comment

                • #28
                  Originally posted by zanny View Post
                  Just a reminder, Let's Encrypt will launch this year, meaning you can get CA backed certs that work across all browsers for free without usage restrictions.
                  Thank you for this link. I've never heard of it until now.

                  Comment

                  • #29
                    Move to a better browser, something that doesn't trust CAs

                    Comment

                    • #30
                      Originally posted by Marc Driftmeyer View Post
                      Whatever Mozilla decides they need to address the absolute pig that is 37.0.1 that eats the main core on an 8 Core FX-8350 routinely with Amazon.com.

                      Turning off HTTPS extension helps for about 5 minutes, then the 4 tabs turns into about 1.5GB and 106% CPU main core hogging.

                      I'm waiting on Debian to get GNOME 3.16 up so I can use Epiphany with WebKitGTK+ 2.8. That of course has issues I pointed out to Debian, including the fact their GStreamer 1.5 isn't correct and WebKit Trunk craps the bed until they fix it.
                      i am having that problem on twitter. just scroll long enough and youll get a message that scripts stopped working. same on fb when you scroll up to older messages.

                      Comment

                      Previous 1 2 3 4 5 template Next
                      Working...
                      X