I expressed my opinion on this subject at length on the Chrome lists
when they made a similar proposal. I'll summarize it here, though,
since I feel the same way about FF deprecating non-encrypted HTTP:

I think HTTPS-everywhere is a great ideal if we can achieve it, but in
the vast majority of discussions it feels like people are
underestimating the difficulties involved in deploying HTTPS in
production. In particular, I think this puts a significant group of
people at risk and they don't necessarily have the ability to advocate
for themselves in environments like this. Low-income internet users,
teenagers, and people in less-developed nations are more likely to be
dependent on inexpensive-or-free services to put content up on the
internet. In the best case they might have a server of their own they
can configure for HTTPS (given sufficient public documentation & time)
but the task of getting a certificate is a huge hurdle. I've acquired
personal certificates in the past through the normal paid CA pipeline
and the experience was bad enough as someone who lives in Silicon
Valley and can afford a certificate.

There are some steps being taken to reduce the difficulty here, and I
think that's a good start. StartSSL offers free certs, and that's
wonderful (aside from the fact that their OCSP servers broke and took
down a portion of the web the other day...) and if letsencrypt ships
it seems like it could be a comprehensive solution to the problem. If
unencrypted HTTP is deprecated it *must* be not only simple for
individuals to acquire a certificate, but it shouldn't require them to
interact with western governments/business regulations, and it
shouldn't require them to compromise anonymity. Anonymity is an
important feature of web services and especially important for
disadvantaged people. Unencrypted pages mean that visitors are
potentially at risk and their sites can be MITMd, but a MITM is at
least not going to expose their real name or real identity and put
them at risk from attack. Past security breaches at various internet
services & businesses suggest that if an individual has to provide
identifying information to a CA - even if it is promised to be kept
private - they are putting themselves at risk. Letsencrypt seems to
avoid this requirement so I look forward to it launching in the near
future.

I also think there are potential negative consequences to deprecating
HTTP if the process of rolling out HTTPS is prohibitively difficult
for amateur/independent developers: In practice it may force many of
them to move to hosting their content on third-party servers/services
that provide HTTPS, which puts them at risk of having their content
tampered with or pulled by the service provider. In this scenario I'm
not sure we've won anything because we've made the site look secure
when in fact we've simplified the task of altering site content
without the author or visitor's knowledge.

On 16 April 2015 at 01:49, Gervase Markham <g...@mozilla.org> wrote:
> On 16/04/15 02:13, Karl Dubost wrote:
>> Definitely. The resistance in this thread is NOT about "people
>> against security", but 1. we want to be able to choose 2. if we
>> choose safe, we want that choice to be easy to activate.
>
> I'd have it the other way. If you even assume choice should be possible
> then:
>
> 1) We want to be able to choose
> 2) If we choose unsafe, we want that choice to be relatively hard to
> activate.
>
> In other words, "safe" should be the default.
>
> Gerv
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform