On 7/19/2014 11:54 AM, Daniel Roesler wrote: > Howdy all, > > Yesterday, I created a bug proposing that Firefox switch the generic > url icon to a negative feedback icon for non-https sites. > > https://bugzilla.mozilla.org/show_bug.cgi?id=1041087 > > I created this bug because it's time we start treating insecure > connections as a Bug. There is so much open wifi available to the > modern internet user that a significant portion Firefox users' > requests can be sniffed. If that request is insecure, it makes session > hijacking, MITM, and metadata attacks trivially easy. Not using https > should now be bad practice and considered harmful. > > Mozilla should be a leader and push websites to start securing their > connections. Many of the largest websites already default to https, > and it's time to start bringing the rest on board. Having negative > feedback for insecure connections offers a huge incentive to fixing > the larger Bug of insecure connections. > > Thanks and looking forward to any discussion, > Daniel Roesler > diaf...@gmail.com >
Your concept would cast a negative shadow over many non-commercial Web sites, blogs, and legitimate freeware sources. Are you willing to pay the cost of site certificates for such sites? How about just the cost of a site certificate for my own site? I have no advertising on my site and thus no revenues to pay for a certificate. Yes, I know there are some certification authorities that issue free certificates. For various reasons, I have marked many of their root certificates as untrusted. -- David E. Ross <http://www.rossde.com/> On occasion, I filter and ignore all newsgroup messages posted through GoogleGroups via Google's G2/1.0 user agent because of spam, flames, and trolling from that source. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
