NICE! Mozilla just declared that they too intend to deprecate plain HTTP and require HTTPS for most web features:https://groups.google.com/forum/#!topic/mozilla.dev.platform/xaGffxAM-hs …
@laurentbercot @konklone Deprecating HTTP is the only solution to captive portals and malicious APs/ISPs that alter traffic.
-
-
@RichFelker@konklone No, *choosing* HTTPS is a solution that works as well. And making it the default, for non-security-conscious users. -
@laurentbercot@konklone Users can't choose HTTPS if sites don't offer it. Most won't as long as HTTP is not deprecated by browsers. -
@RichFelker@konklone For good reason. HTTPS infrastructure is currently depending on commercial root CAs; trust has to be bought. -
@RichFelker@konklone I can't support HTTP deprecation until we've established a sane model of trust for HTTPS certificates. -
@laurentbercot@RichFelker The CA system has major problems, but the only way to make HTTPS the default for most people is to require it. -
@laurentbercot@RichFelker So@letsencrypt will help, but worth remembering that domain registration costs $ too. Domain certs cost as much. -
@laurentbercot@RichFelker The requirement is HTTPS, it isn't "HTTPS verified by CAs". The trust model underneath can be swapped out later.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.