“New” Features for secure sites
Today we are announcing our intent to phase out non-secure HTTP. There’s pretty broad agreement that HTTPS is the way forward for the web
The community will have to agree on a date and what features will be blocked for non https sites. It also should be noted that Mozilla will be encryption for legacy content which would have been unencrypted.
Removing features from the non-secure web will likely cause some sites to break. So we will have to monitor the degree of breakage and balance it with the security benefit,” he said, adding that Mozilla is already considering less severe restrictions for non-secure websites to find the right balance. At the moment, Firefox already blocks, for example, persistent permissions from non-secure sites for access to cameras and phone.
…the goal of this effort is to send a message to the web developer community that they need to be secure, our work here will be most effective if coordinated across the web community. We expect to be making some proposals to the W3C WebAppSec Working Group soon
