This forum is in permanent archive mode. Our new active community can be found here.

Firefox could soon block FRC.

DaikunDaikun
in Suggestions
Mozilla announced on their blog that their Firefox browser will soon phase out access to non-secure HTTP websites. Any website that isn't HTTPS could be blocked. Pretty soon, FRC could see a decrease in visits by Firefox users who are unaware of the upcoming change. Is there a way we can encrypt this site?

Comments

  • Linkigi(Link-ee-jee)Linkigi(Link-ee-jee)
    The change probably isn't rapid enough to be immediately concerning, and the forum at least will probably have SSL set up by Vanilla.
    Relatedly, a few versions from now Chrome's changing their UI to call out non-SSL sites as insecure.
  • MATATATMATATAT
    Like does a site have to be 100% SSL requests, or just login transactions, or what?
  • SuperPichuSuperPichu
    MATATAT said:

    Like does a site have to be 100% SSL requests, or just login transactions, or what?

    Yeah doing it for websites that don't have any user data seems like kind of a waste of time and energy.
  • muppetmuppet
    This is patently absurd.
  • MATATATMATATAT
    edited May 2015
    SuperPichu said:

    MATATAT said:

    Like does a site have to be 100% SSL requests, or just login transactions, or what?

    Yeah doing it for websites that don't have any user data seems like kind of a waste of time and energy.
    Especially like really small static websites people will do for promotions and whatnot.
    Post edited by MATATAT on
  • RymRym
    I like the idea of all web traffic being encrypted.
  • muppetmuppet
    I don't like the idea of raising the overhead and technical burden to getting on the web as a content publisher.
  • Victor FrostVictor Frost
    Overhead? I didn't think opening an SSL connection had that much overhead.
  • PeguPegu
    It's a bit of a bitch to set up and certs are expensive.
  • Linkigi(Link-ee-jee)Linkigi(Link-ee-jee)
    I doubt it'll raise technical burdens that much. Most of the website-building-as-a-service sites (e.g. Wordpress, Squarespace) will just add SSL management to the services they already provide. It may require extra effort from people who self-host though.
  • Victor FrostVictor Frost
    My host (1&1) offers ssl for $50 a year, but this site offers it for $5.
  • muppetmuppet
    It's expensive and fiddly and raises the barrier to entry on the best platform we have on the entire planet for free speech. It's also totally unnecessary and seems like an extremist position to take. It's paternalistic and weird.
  • Victor FrostVictor Frost
    There are three kinds of people who make websites:
    1. Real, actual organizations (commercial or otherwise). In which case, they'll just throw a little extra money per year at their web host and it'll all just work.
    2. Individuals making websites for personal stuff (portfolios, blogs, etc). These people will, depending on their level of expertise or ability, either do the same as corporations or try rolling their own.
    or
    3. People trying to learn how to run a webserver. In which case, they'll need to learn how to properly setup SSL anyways.

    Advantages: Proper, secured connections for everyone.
    Disadvantages: Things are slightly more difficult for very small fraction of the population.
  • muppetmuppet
    Don't agree at all with your boxes but too tired to make my own delineation. :) I remember in the early-mid 90s when the web became something that people outside of college campuses knew about and then could publish to. There's just no need to attach more overhead to the process of getting your random crap on the internet, and your random crap SHOULD be on the internet!!

    People should know by now to look for a secure connection and a reputable business when doing any sort of commerce online or giving out their sensitive information, and if they don't, an SSL certificate is poor protection against scammers anyway, who could certainly set one up.

    There's just no good reason to require this as an absolute except for some weird kind of techno evangelism. No thank you.
  • StarfoxStarfox
    muppet said:

    It's expensive and fiddly and raises the barrier to entry on the best platform we have on the entire planet for free speech. It's also totally unnecessary and seems like an extremist position to take. It's paternalistic and weird.

    Let's Encrypt will nullify expensive, fiddly, and barrier to entry.
  • DaikunDaikun
    Starfox said:

    Let's Encrypt will nullify expensive, fiddly, and barrier to entry.

    Their certificates are now live.
  • StarfoxStarfox
    Yeah, but you can't get one yet.
  • AprecheApreche
    The problem is that Vanilla will still charge us extra for HTTPS even if the cert is no big deal.
  • YoshoKatanaYoshoKatana
    The overhead for SSL handshakes will hopefully be mitigated by http2's server push, though there will be at least a year until that is fully supported on modern browsers and servers.
  • AprecheApreche
    YoshoKatana said:

    The overhead for SSL handshakes will hopefully be mitigated by http2's server push, though there will be at least a year until that is fully supported on modern browsers and servers.

    People are still going to charge you for it.

    nginx just added an HTTP2 patch.
Sign In or Register to comment.