Mozilla Pushes Web Sites To Adopt Encryption

The organization behind the Firefox Web browser wants to see Web site encryption become standard practice online, and it has laid out a two-part plan to help that happen. Mozilla said it plans to set a date by which all new features for its browser will be available only to secure Web sites. Additionally, it will gradually phase out access to some browser features for Web sites that continue to use HTTP instead of the certificate-secured HTTPS.

There's been a growing momentum to get more, if not all, sites on the Web to adopt the secure HTTPS standard. Among the organizations that support the change are the Internet Security Research Group, the World Wide Web Consortium, the U.S. government's chief information office and Google, which last year said it would start giving a slight edge to encrypted Web sites in its search results.

When Web sites use the HTTP standard, information transferred back and forth during any browsing session is unencrypted. This opens up such sites to man-in-the-middle attacks where hackers can intercept a site visitor's username, password, browsing history and other information.

Next: Deciding How and When To Phase Out

Writing on Mozilla's security blog on Thursday, Firefox Security Lead Richard Barnes said his organization's goal with its two-step plan is to "phase out non-secure HTTP." He added that Mozilla developed the broad outlines of its plan after having a "robust discussion" with members of its Mozilla development platform Google Group.

Moving forward, Mozilla community members will next need to decide which features of future Firefox releases will be considered new, and when those features will start being available only to Web sites using HTTPS encryption. Mozilla will also have to work out how it will phase out access to certain browser features for non-secure sites.

That second part will "need...

Comments are closed.