IMO, limiting new features to HTTPS only, when there's no real security reason behind it will only end up limiting feature adoption. It directly "punishing" developers and adds friction to using new features, but only influence business in a very indirect manner.
If we want to move more people to HTTPS, we can do any or all of the following: * Show user warnings when the site they're on is insecure * Provide an opt-in "don't display HTTPS" mode as an integral part of the browser. Make it extremely easy to opt in. Search engines can also: * Downgrade ranking of insecure sites in a significant way * Provide a "don't show me insecure results" button If you're limiting features to HTTPS with no reason you're implicitly saying that developer laziness is what's stalling adoption. I don't believe that the case. There's a real eco-system problem with 3rd party widgets and ad networks that makes it hard for large sites to switch until all of their site's widgets have. Developers have no saying here. Business does. What you want is to make the business folks threaten that out-dated 3rd party widget that if it doesn't move to HTTPS, the site would switch to the competition. For that you need to use a stick that business folks understand: "If you're on HTTP, you'd see less and less traffic". Limiting new features does absolutely nothing in that aspect. _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
