DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 16, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 152 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Mozilla wants to phase out HTTP

Posted on Tuesday, April 14 2015 @ 12:04:40 CEST by


In a newsgroup posting, Richard Barnes from Mozilla's Security Engineering team, proposes to phase out HTTP to move the web to the more secure HTTPS protocol. Barnes proposes to limit new browser features to HTTPS and wants to make a clear statement to developers that the time for plaintext is over.

One major issue perhaps is the cost and complexity of setting up SSL certificates for small mom and pop websites but Mozilla and others hope to have this covered via initiatives like Let's Encrypt, which promises free certificates that work across all browsers without usage restrictions.
There's pretty broad agreement that HTTPS is the way forward for the web. In recent months, there have been statements from IETF [1], IAB [2], W3C [3], and even the US Government [4] calling for universal use of encryption, which in the case of the web means HTTPS.

In order to encourage web developers to move from HTTP to HTTPS, I would like to propose establishing a deprecation plan for HTTP without security. Broadly speaking, this plan would entail limiting new features to secure contexts, followed by gradually removing legacy features from insecure contexts. Having an overall program for HTTP deprecation makes a clear statement to the web community that the time for plaintext is over -- it tells the world that the new web uses HTTPS, so if you want to use new things, you need to provide security. Martin Thomson and I drafted a one-page outline of the plan with a few more considerations here:

https://docs.google.com/document/d/1IGYl_rxnqEvzmdAP9AJQYY2i2Uy_sW-cg9QI9ICe-ww/edit?usp=sharing

Some earlier threads on this list [5] and elsewhere [6] have discussed deprecating insecure HTTP for "powerful features". We think it would be a simpler and clearer statement to avoid the discussion of which features are "powerful" and focus on moving all features to HTTPS, powerful or not.

The goal of this thread is to determine whether there is support in the Mozilla community for a plan of this general form. Developing a precise plan will require coordination with the broader web community (other browsers, web sites, etc.), and will probably happen in the W3C.

Thanks,
--Richard
Via: Phoronix



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba