Announcement

Collapse
No announcement yet.

Mozilla Start Drafting Plans To Deprecate Insecure HTTP

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • uid313
    replied
    Yeah, and deprecate anonymity too.
    In the future everyone who published any content on the web must use HTTPS and provide their data to government. No anonymous blogging for you!
    If you have an opinion, we want to know who you are and where you live!

    Leave a comment:


  • vadix
    replied
    Originally posted by nanonyme View Post
    Next step: People notice it was stupid to remove HTTP because transparent caching proxies no longer work so everyone run out of capacity. As a result keys are given to ISP's so they can terminate SSL, cache, and send connection forward as SSL
    Maybe I just don't have a sense of humor, but I am fairly certain that the majority of web traffic comes from media content anyways, so I don't think that is a reasonable conclusion.

    Leave a comment:


  • nanonyme
    replied
    Originally posted by phoronix View Post
    Phoronix: Mozilla Start Drafting Plans To Deprecate Insecure HTTP

    Richard Barnes of Mozilla's Security Engineering team is calling for the deprecation of insecure HTTP...

    http://www.phoronix.com/scan.php?pag...-Insecure-HTTP
    Next step: People notice it was stupid to remove HTTP because transparent caching proxies no longer work so everyone run out of capacity. As a result keys are given to ISP's so they can terminate SSL, cache, and send connection forward as SSL

    Leave a comment:


  • NatTuck
    replied
    That's scary

    Along with Mozilla's policy of only connecting to secure sites with CA-approved certificates, this would effectively require all websites to be centrally authorized before publication.

    Needless to say, that's not compatible with a free web.

    Leave a comment:


  • bemerk
    replied
    If they want to deprecate non-encrypted connections, they should focus on all aspects of certificate pinning first.

    Pinning header, Certificate Transparency logs, DANE, DNSSEC and their own CA so everyone can get certs for free.

    Right now it isn't really secure if every ca can make certs for every site and only chrome will notice it and only on sites that google pinned themselfes

    Leave a comment:


  • Mozilla Start Drafting Plans To Deprecate Insecure HTTP

    Phoronix: Mozilla Start Drafting Plans To Deprecate Insecure HTTP

    Richard Barnes of Mozilla's Security Engineering team is calling for the deprecation of insecure HTTP...

    http://www.phoronix.com/scan.php?pag...-Insecure-HTTP
Working...
X