Will browsers someday mark all HTTP pages as insecure?
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!Tweet Share on Twitter.
December 16, 2014
Google's Chrome Browser security team has started a new debate on whether browsers should someday mark all HTTP pages as insecure.
And when you think of it, it would make some sense since after all, more security sure is better than not enough.
“We propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure,” the team wrote today in a blog post.
It says the team's goal “is to more clearly display to users that HTTP provides no data security because all we need is data communication on the web to be secure (private, authenticated, untampered).”
If users aren't enjoying good security, the team suggests, browsers “should explicitly display that, so users can make informed decisions about how to interact with an origin.”
The team also points out that HTTPS traffic usually produces a change to the user interface notification, yet insecure HTTP traffic does not.
The team proposes that browsers instead define and inform users of three security levels:
The post's authors have thrown the topic open to debate, posting to several influential mailing lists to gather some feedback.
However, the Chromium team seem intent on the change-- the post says “We intend to devise and begin deploying a transition plan for Chrome sometime in 2015.”
Source: Google's Chrome Project.
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!