Yeah, and deprecate anonymity too.
In the future everyone who published any content on the web must use HTTPS and provide their data to government. No anonymous blogging for you!
If you have an opinion, we want to know who you are and where you live!
-
Next step: People notice it was stupid to remove HTTP because transparent caching proxies no longer work so everyone run out of capacity. As a result keys are given to ISP's so they can terminate SSL, cache, and send connection forward as SSLOriginally posted by phoronix View PostLeave a comment:
-
That's scary
Along with Mozilla's policy of only connecting to secure sites with CA-approved certificates, this would effectively require all websites to be centrally authorized before publication.
Needless to say, that's not compatible with a free web.Leave a comment:
-
If they want to deprecate non-encrypted connections, they should focus on all aspects of certificate pinning first.
Pinning header, Certificate Transparency logs, DANE, DNSSEC and their own CA so everyone can get certs for free.
Right now it isn't really secure if every ca can make certs for every site and only chrome will notice it and only on sites that google pinned themselfesLeave a comment:
-
Mozilla Start Drafting Plans To Deprecate Insecure HTTP
Phoronix: Mozilla Start Drafting Plans To Deprecate Insecure HTTP
Richard Barnes of Mozilla's Security Engineering team is calling for the deprecation of insecure HTTP...
Leave a comment: