I would like to request that Bug #1041087 be re-opened for discussion. https://bugzilla.mozilla.org/show_bug.cgi?id=1041087
Much has changed since this bug was closed:

1. CloudFlare started offering free SSL certificates[1].
2. The EFF, Mozilla, IdenTrust, Akamai, and Cisco will start offering free SSL certificates[2].
3. Google is now ranking websites that use https higher[3].
4. Chrome plans to start marking http as non-secure[4].
5. Wireless carriers have begun modifying headers in transit[5].

All of these are a fantastic group effort to make the web more secure, and Firefox needs to be part of that effort. I propose the WONTFIX closure of Bug #1041087 be reconsidered and a timeline for gradually shifting to marking http as non-secure be established.

Thanks!
Daniel Roesler

[1]: http://blog.cloudflare.com/introducing-universal-ssl/
[2]: https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web
[3]: http://googleonlinesecurity.blogspot.com/2014/08/https-as-ranking-signal_6.html
[4]: https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
[5]: http://www.wired.com/2014/10/verizons-perma-cookie/

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

