We’re deprecating #HTTP, and it’s going to be okay
►https://konklone.com/post/were-deprecating-http-and-its-going-to-be-okay #HTTPS #surveillance #MITM #encryption
We’re deprecating #HTTP, and it’s going to be okay
►https://konklone.com/post/were-deprecating-http-and-its-going-to-be-okay #HTTPS #surveillance #MITM #encryption
Attention, ça va faire mal à SeenThis :
▻https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http
« 1) Setting a date after which all new features will be available only to secure websites 2) Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy. »
“this site is best viewed with Internet Eplorer”
Mmmh, c’est violent quand même tout ça.
Sur l’idée, au départ, de loin, ok.
mais DON’T BREAK THE WEB !
Le web c’est pas que des applis et des sites e-commerce, sacrebleu !
Et la FAQ de Mozilla ▻https://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdf qui répond très bien à toutes les questions soulevées ici.
Q. Isn’t this making life harder for small websites and reducing free speech?
(...) the general trend in the industry is that HTTPS is getting easier to deploy. Even for legacy content, there’s HSTS and upgrade-insecure-requests to make the migration smoother.
(...)
Q. If you like security so much, why are you so hard on self-signed certificates?
Self-signed certificates aren’t inherently bad. If you go to the effort of manually checking that it’s the right certificate, it can be more secure than a CA-issued certificate.
So why does the browser present such a scary warning? The problem is that browser doesn’t know when it’s supposed to be getting a self-signed certificate, and when it’s supposed to be getting a CA-issued certificate. In practice, only a few legitimate sites present self-signed certificates, since manual checking is hard.
/me continue à se gratter la tête
▻http://alistapart.com/blog/post/on-our-radar-what-engineers-look-like
Last week Mozilla announced that it is “setting a date after which all new features [in Firefox] will be available only to secure websites”—that is, those that use https instead of http. Mozilla’s heart is in the right place: it wants to minimize security threats to users and the web. But we wonder what impact this will have on sites that can’t, won’t, or don’t know to convert to https—especially if other browsers follow suit. A low barrier is what keeps the open web open. —Jeffrey Zeldman, founder and publisher
via
▻http://mozillazine-fr.org/jeffrey-zeldman-sinterroge-sur-la-volonte-de-mozilla-de-deprecier-ht