Page 1 of 1 [ 2 posts ]
Andoras
Yellow-bellied Woodpecker
Joined: 19 Nov 2014
Age: 35
Gender: Male
Posts: 61
Location: Dunakeszi, Hungary
20 May 2015, 2:09 pm
https://blog.mozilla.org/security/2015/ ... cure-http/
I'm not totally sure if it's a really good idea or if it really needs.
I mean while they rise up every websites to use http//s safer internet protocol there's no information about how we will be able to know the difference between normal site's and special site's like banks or webshops safetiness when every site's url will start with https:// 
...and the Firefox don't make it easier:
http://tinypic.com/m/iwj1c6/2
It show's a black and white symbol next to the lock symbol which means that the site use both encrypted and non encrypted sources too if I know well.
20 May 2015, 4:22 pm
Andoras wrote:
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
I'm not totally sure if it's a really good idea or if it really needs.
I mean while they rise up every websites to use http//s safer internet protocol there's no information about how we will be able to know the difference between normal site's and special site's like banks or webshops safetiness when every site's url will start with https://
...and the Firefox don't make it easier:
http://tinypic.com/m/iwj1c6/2
It show's a black and white symbol next to the lock symbol which means that the site use both encrypted and non encrypted sources too if I know well.
I'm not totally sure if it's a really good idea or if it really needs.
I mean while they rise up every websites to use http//s safer internet protocol there's no information about how we will be able to know the difference between normal site's and special site's like banks or webshops safetiness when every site's url will start with https://
...and the Firefox don't make it easier:
http://tinypic.com/m/iwj1c6/2
It show's a black and white symbol next to the lock symbol which means that the site use both encrypted and non encrypted sources too if I know well.
You will still be able to tell the difference for banks and any other websites who want to cough up the extra cash and go through the legal hoops to get an Extended Validation SSL certificate.
Go to https://www.bankofamerica.com/ in Firefox. Notice how, to the left of the address bar, there's a green closed-lock icon and the words "Bank of America Corporation (US)" in green text? That's because they're using an EV SSL, which gives the user the "green light" to trust the website because it's been validated as affiliated with the named real-world business.
It costs about 10 times what a normal SSL certificate costs and you need a lawyer to do some of the extended validation paperwork. So nobody bothers with them unless there's a legitimate need to associate the website with an established real-world entity.
