In a recent blog post, Mozilla has showed its intent to phase out the non-secure websites i.e. the HTTP. Earlier this week, Mozilla announced its plan to favor the websites who have HTTPS enabled. If this happens, the web will be divided in two parts: the HTTPS websites with full functionality and the other HTTP websites, the non-secure web with lesser features.
“There’s a pretty broad agreement that HTTPS is the way forward,” Richard Barnes, Firefox Security Lead writes. “Since the goal of this effort is to send a message to the web developer community that they need to be secure, our work here will be most effective if coordinated across the web community.”
Mozilla is planning to set a date after which the new features in Firefox browser will only available to websites supporting HTTPS and will slowly phase out HTTP sites. But, he said that the “new Firefox features”, which is the most important term here, can not be polyfilled.
These changes will still allow things like CSS and other rendering features on non-secure HTTP sites but it might restrict the new qualitative capabilities like new hardware support features.
But, this isn’t going to happen just because Mozilla wants it. According to Barnes, this will require some coordination and support from the internet community and W3C WebAppSec Working Group.
Mozilla says that it has to balance the security and web compatibility. Disabling few features will cause few sites to break and thus the degree of breakage and security benefit should be balanced. Mozilla also proposes the limit the non-secure cookies on the web.
With this step, Mozilla wants to send a message to the web developer community that if the websites will be more secure, the web browsers will be able to work more effectively. But, this is going to take some time.
Do you support Mozilla’s decision? Can HTTPS guarantee the web security? Tell us in comments!