Mozilla Deprecating HTTP For A More Secure Web

[Guest]

Mozilla announced that it's going to deprecate browser features for non-secure HTTP content and will build new features only for HTTPS connections.

Mozilla Deprecating HTTP For A More Secure Web : Read more

 

[PaulBags]

Unless they're going to force EV what's the point?

 

[agnickolov]

HTTPS per se won't stop your ISP from injecting ads, etc. If your ISP manages to trick your computer into installing its own root CA (as part of an "ISP welcoming" package for example), they can easily generate certificates to their heart's content and inject anything they want into your streams. They didn't need to do that so far, but a global move to HTTPS may very well incentivize them to do so.

The biggest detractor for HTTPS nowadays is not so much the encryption/decryption overhead (as the author rightly points out), but the latency incurred for establishing a new connection. First time loading a new site is even slower with HTTPS. Repeated use won't be affected, however.