Can we please declare this thread closed? The level of debate has gotten a little low.
--Richard On Aug 9, 2014, at 7:53 PM, David E. Ross <nobody@nowhere.invalid> wrote: > On 7/19/2014 11:54 AM, Daniel Roesler wrote: >> Howdy all, >> >> Yesterday, I created a bug proposing that Firefox switch the generic >> url icon to a negative feedback icon for non-https sites. >> >> https://bugzilla.mozilla.org/show_bug.cgi?id=1041087 >> >> I created this bug because it's time we start treating insecure >> connections as a Bug. There is so much open wifi available to the >> modern internet user that a significant portion Firefox users' >> requests can be sniffed. If that request is insecure, it makes session >> hijacking, MITM, and metadata attacks trivially easy. Not using https >> should now be bad practice and considered harmful. >> >> Mozilla should be a leader and push websites to start securing their >> connections. Many of the largest websites already default to https, >> and it's time to start bringing the rest on board. Having negative >> feedback for insecure connections offers a huge incentive to fixing >> the larger Bug of insecure connections. >> >> Thanks and looking forward to any discussion, >> Daniel Roesler >> diaf...@gmail.com >> > > Anyone wishing to argue this issue further -- to argue in favor of > implementing a scheme to encourage all Web sites to be HTTPS with site > certificates -- should first read > <http://www.2rosenthals.net/wordpress/googles-https-everywhere-initiative-not-so-fast-994/>. > The blogger is a certificate reseller and also a computer systems > integrator. Thus, he is a professional in the area of computer systems, > including security. Although he has a vested interest in selling site > certificates, he argues against the idea that all Web sites should be > HTTPS. > > -- > David E. Ross > > The Crimea is Putin's Sudetenland. > The Ukraine will be Putin's Czechoslovakia. > See <http://www.rossde.com/editorials/edtl_PutinUkraine.html>. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy