Richard, Le 13 avr. 2015 à 23:57, Richard Barnes <rbar...@mozilla.com> a écrit : > There's pretty broad agreement that HTTPS is the way forward for the web.
Yes, but that doesn't make deprecation of HTTP a consensus. > In order to encourage web developers to move from HTTP to HTTPS, I would > like to propose establishing a deprecation plan for HTTP without security. This is not encouragement. This is call forcing. ^_^ Just that we are using the right terms for the right thing. In the document > https://docs.google.com/document/d/1IGYl_rxnqEvzmdAP9AJQYY2i2Uy_sW-cg9QI9ICe-ww/edit?usp=sharing You say: Phase 3: Essentially all of the web is HTTPS. I understand this is the last hypothetical step, but it sounds like a bit let's move the Web to XML. It didn't work out very well. I would love to have a more secure Web, but this can not happen without a few careful consideration. * Third tier person for certificates being mandatory is a no-go. It creates a system of authority and power, an additional layer of hierarchy which deeply modify the ability for anyone to publish and might in some circumstances increase the security risk. * If we have to rely, cost of certificates must be zero. These for the simple reason than not everyone is living in a rich industrialized country. * Setup and publication through HTTPS should be as easy as HTTP. The Web brought a publishing power to any individuals. Imagine cases where you need to create a local network, web developing on your computer, hacking a server for your school, community, etc. If it relies on a heavy process, it will not happen. So instead of a plan based on technical features, I would love to see a: "Let's move to a secure Web. What are the user scenarios, we need to solve to achieve that." These user scenarios are economical, social, etc. my 2 cents. So yes, but not the way it is introduced and plan now. -- Karl Dubost, Mozilla http://www.la-grange.net/karl/moz _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
