Mozilla seriously considering a move away from insecure HTTP
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!Tweet Share on Twitter.
April 15, 2015
Numerous inquiries to finally move away from HTTP and on to secure HTTPS are finding themselves encouraged by users of Mozilla's developers' platform.
However, the whole thing is moving at a very slow speed and some people are getting irritated by the lack of urgency.
Posting to the Mozilla developer platform, security engineer Richard Barnes said-- "In recent months, there have been statements from the IETF, the IAB, the W3C and even the U.S. Government calling for universal use of encryption, which in the case of the web means HTTPS."
Back in the early days of the internet, HTTPS was the black tie of protocols, worn only for fancy payment transactions or other extremely sensitive data interchanges between servers.
But since around 2005, it has been implemented for a wide range of security applications, including page authenticity and ensuring basic communications security.
Barnes added-- "In order to encourage web developers to move from HTTP to HTTPS, I would like to propose establishing a deprecation plan for HTTP without security."
"Broadly speaking, this plan would entail limiting new features to secure contexts, followed by gradually removing legacy features from insecure contexts," he said.
"Having an overall program for HTTP deprecation makes a clear statement to the internet community that the time for plaintext is over, for good. It also tells the world that the new web uses HTTPS, so if you want to use new things, you need to provide security," said Barnes.
With a couple of thousand words already being racked up in the Mozilla man's thread, the deprecation plan for HTTP seems to have established whether there is support in the Mozilla community for a plan of this general form.
"Overall, developing a precise plan will require co-ordination with the broader web community (other browsers, websites, etc.) and will probably happen in the W3C," acknowledged Barnes.
W3C has a Technical Architecture Group (TAG) who are sort-of chartered researchers. It published its findings into Securing the Web on January 22nd of this year, which are not too different from those of Barnes.
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!