Security Market Segment LS
Monday, 04 May 2015 07:24

Mozilla deprecates HTTP: new features for HTTPS sites only


Citing "broad agreement that HTTPS is the way forward for the web," Mozilla has decided that new features of its software will only be available to secure web sites.

Mozilla's plan to focus its development efforts on the secure web has two main parts.

The first is that after a date that has yet to be determined, new features in programs such as Firefox will only works with secure sites.

The second is arguably more aggressive, in that it calls for the gradual removal of access to browser features by non-secure sites, "especially features that pose risks to users’ security and privacy," Firefox security lead Richard Barnes wrote in the Mozilla Security Blog.

He went on to point out that the second involves a trade-off between security and compatibility. After all, it's a fair bet that any feature made inaccessible to HTTP will be used by some sites - it they weren't, there would be no real need to prevent their use in this way.

While some features may be completely disabled for non-secure sites, others may be permitted but only with certain limitations. Barnes suggested this could be similar to the way Firefox already allows only temporary access to the camera and microphone by such sites.

Existing sites will continue to work without modification for months or years, according to Mozilla.

"Since the goal of this effort is to send a message to the web developer community that they need to be secure, our work here will be most effective if coordinated across the web community," Barnes wrote.

"We expect to be making some proposals to the W3C WebAppSec Working Group soon."

The organisation as also moved to allay fears about the cost of using HTTPS. Free SSL certificates are available, and modern hardware can encrypt the traffic with a very modest performance hit.

A particular problem lies in the use of HTTP by the web servers embedded in devices such as printers and routers, as in general they are not designed to have their own certificates. Mozilla believes this situation can be improved.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments