On 7/19/2014 11:54 AM, Daniel Roesler wrote: > Howdy all, > > Yesterday, I created a bug proposing that Firefox switch the generic > url icon to a negative feedback icon for non-https sites. > > https://bugzilla.mozilla.org/show_bug.cgi?id=1041087 > > I created this bug because it's time we start treating insecure > connections as a Bug. There is so much open wifi available to the > modern internet user that a significant portion Firefox users' > requests can be sniffed. If that request is insecure, it makes session > hijacking, MITM, and metadata attacks trivially easy. Not using https > should now be bad practice and considered harmful. > > Mozilla should be a leader and push websites to start securing their > connections. Many of the largest websites already default to https, > and it's time to start bringing the rest on board. Having negative > feedback for insecure connections offers a huge incentive to fixing > the larger Bug of insecure connections. > > Thanks and looking forward to any discussion, > Daniel Roesler > diaf...@gmail.com >
Anyone wishing to argue this issue further -- to argue in favor of implementing a scheme to encourage all Web sites to be HTTPS with site certificates -- should first read <http://www.2rosenthals.net/wordpress/googles-https-everywhere-initiative-not-so-fast-994/>. The blogger is a certificate reseller and also a computer systems integrator. Thus, he is a professional in the area of computer systems, including security. Although he has a vested interest in selling site certificates, he argues against the idea that all Web sites should be HTTPS. -- David E. Ross The Crimea is Putin's Sudetenland. The Ukraine will be Putin's Czechoslovakia. See <http://www.rossde.com/editorials/edtl_PutinUkraine.html>. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy