With no further comments as to whether I agree with this or not,
forwarding this request to fx-dev (with cc to m.d.platform) instead of
m.d.security.policy. Please follow up on fx-dev.
~ Gijs
On 14/12/2014 22:18, diaf...@gmail.com wrote:
I would like to request that Bug #1041087 be re-opened for discussion.
https://bugzilla.mozilla.org/show_bug.cgi?id=1041087
Much has changed since this bug was closed:
1. CloudFlare started offering free SSL certificates[1].
2. The EFF, Mozilla, IdenTrust, Akamai, and Cisco will start offering free SSL
certificates[2].
3. Google is now ranking websites that use https higher[3].
4. Chrome plans to start marking http as non-secure[4].
5. Wireless carriers have begun modifying headers in transit[5].
All of these are a fantastic group effort to make the web more secure, and
Firefox needs to be part of that effort. I propose the WONTFIX closure of Bug
#1041087 be reconsidered and a timeline for gradually shifting to marking http
as non-secure be established.
Thanks!
Daniel Roesler
[1]: http://blog.cloudflare.com/introducing-universal-ssl/
[2]:
https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web
[3]:
http://googleonlinesecurity.blogspot.com/2014/08/https-as-ranking-signal_6.html
[4]: https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
[5]: http://www.wired.com/2014/10/verizons-perma-cookie/
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
