http://mozillazine-fr.org

Jeffrey Zeldman s’interroge sur la volonté de Mozilla de déprécier HTTP non-sécurisé » MozillaZine-fr

/jeffrey-zeldman-sinterroge-sur-la-volon

Stéphane Bortzmeyer @stephane CC BY-SA 4/05/2015

15

15

Attention, ça va faire mal à SeenThis :
▻https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http
« 1) Setting a date after which all new features will be available only to secure websites 2) Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy. »
#HTTPS #Internet_security #privacy #Firefox #Mozilla
- #e - commerce
Stéphane Bortzmeyer @stephane CC BY-SA
- Suske @suske 5/05/2015
  
  Pas que...
  
  Suske @suske
- Fil @fil 5/05/2015
  
  MOZILLA GO HOME
  
  Fil @fil
- Nicolas🌱 @nicolasm CC BY-SA 5/05/2015
  
  “this site is best viewed with Internet Eplorer”
  
  Nicolas🌱 @nicolasm CC BY-SA
- Stéphane Deschamps @notabene CC BY-NC-SA 5/05/2015
  
  Mmmh, c’est violent quand même tout ça.
  
  Stéphane Deschamps @notabene CC BY-NC-SA
- 0gust1 @0gust1 CC BY-NC 5/05/2015
  
  Sur l’idée, au départ, de loin, ok.
  mais DON’T BREAK THE WEB !
  Le web c’est pas que des applis et des sites e-commerce, sacrebleu !
  
  0gust1 @0gust1 CC BY-NC
- Fil @fil 8/05/2015
  
  une critique plus poussée ici ▻http://seenthis.net/messages/368693
  
  Fil @fil
- Stéphane Bortzmeyer @stephane CC BY-SA 10/05/2015
  
  Et la FAQ de Mozilla ▻https://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdf qui répond très bien à toutes les questions soulevées ici.
  
  Stéphane Bortzmeyer @stephane CC BY-SA
- Fil @fil 10/05/2015
  
  #merci @stephane
  Q. Isn’t this making life harder for small websites and reducing free speech?
  (...) the general trend in the industry is that HTTPS is getting easier to deploy. Even for legacy content, there’s HSTS and upgrade-insecure-requests to make the migration smoother.
  (...)
  Q. If you like security so much, why are you so hard on self-signed certificates?
  Self-signed certificates aren’t inherently bad. If you go to the effort of manually checking that it’s the right certificate, it can be more secure than a CA-issued certificate.
  So why does the browser present such a scary warning? The problem is that browser doesn’t know when it’s supposed to be getting a self-signed certificate, and when it’s supposed to be getting a CA-issued certificate. In practice, only a few legitimate sites present self-signed certificates, since manual checking is hard.
  /me continue à se gratter la tête
  
  Fil @fil
- severo @severo PUBLIC DOMAIN 11/05/2015
  
  ▻http://alistapart.com/blog/post/on-our-radar-what-engineers-look-like
  Last week Mozilla announced that it is “setting a date after which all new features [in Firefox] will be available only to secure websites”—that is, those that use https instead of http. Mozilla’s heart is in the right place: it wants to minimize security threats to users and the web. But we wonder what impact this will have on sites that can’t, won’t, or don’t know to convert to https—especially if other browsers follow suit. A low barrier is what keeps the open web open. —Jeffrey Zeldman, founder and publisher
  via
  ▻http://mozillazine-fr.org/jeffrey-zeldman-sinterroge-sur-la-volonte-de-mozilla-de-deprecier-ht
  
  severo @severo PUBLIC DOMAIN
- Stéphane Bortzmeyer @stephane CC BY-SA 14/05/2015
  
  Un article anti ►https://medium.com/@b_k/https-the-end-of-an-era-c106acded474 et un pro ►https://konklone.com/post/were-deprecating-http-and-its-going-to-be-okay
  
  Stéphane Bortzmeyer @stephane CC BY-SA
Écrire un commentaire