News

Mozilla developer plans to phase out http traffic support

By admin
Spread the love

Richard Barnes, a security engineer at Mozilla, has proposed to phase out support for unencrypted HTTP traffic. According to the software developer, http is too easy to tap and abuse, for example to carry out phishing attacks.

Barnes states in a posting to Google Groups that more and more internet organizations are proposing to ignore unencrypted http traffic and to opt for encrypted https traffic by default. To speed up this switch, the security engineer proposes to gradually ban http traffic in browsers such as Mozilla’s Firefox. This should improve the privacy of internet users and reduce attack methods by cyber criminals via http.

The software developer proposes a number of phases to speed up an internet-wide switch to https and to encourage web developers to choose https as the default. In the first phase, so-called privileged contexts must be defined, in which the minimum security level is described. The W3C is already working on that. In phase two, it must be determined when these privileged contexts will form the minimum basis for using new features in a browser such as Firefox.

In the third phase, it is determined that only traffic originating from https sites can access new features in the browser. For this, a date must be determined based on statistics that indicate the extent to which https is used on the internet. Barnes thinks that in the fourth phase, http has been renounced almost entirely.

Barnes wants to see with his proposal whether there is support among developers. The Mozilla developers’ discussion list mostly sounds like agreement, but it also describes potential problems. For example, almost all intranet sites are http-based and older devices do not always support secure https implementations. In addition, some websites report a drop in revenue from displaying advertising banners when switching to https.

Firefox supports http/2 by default since version 36. In this new protocol, encrypted connections form the basis. Browsers like Chrome are also moving in this direction. In addition, the costs for applying for an SSL certificate are falling, while more and more free options are now appearing.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

Netflix is ​​also discontinuing the Basic subscription in the US and UK

News

EU Council determines position on security requirements for digital products

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

Exit mobile version