View Single Post
Old 12-23-2014, 06:25 AM  
MrGusMuller
Confirmed User
 
MrGusMuller's Avatar
 
Industry Role:
Join Date: Oct 2010
Location: Portugal
Posts: 1,262
Google Chrome Browser to Warn Users of Sites That Don't Use HTTPS

Google hopes that the warnings it sends to Chrome browser users will encourage websites to move to the secure HTTP protocol.

Google plans to introduce a warning system to alert users about potential security risks when they visit websites that do not use the HTTPS protocol.

Starting in 2015, users of Google?s Chrome browser who visit an HTTP site will receive an alert that the site may not be fully secure. Initial alerts will simply mark a non-HTTPS site as having ?Dubious? security but at a future date, Chrome will start labeling such sites as ?Non-secure."

Google Chrome Browser to Warn Users of Sites That Don't Use HTTPS


=====

Marking HTTP As Non-Secure
Proposal

We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015.

The goal of this proposal is to more clearly display to users that HTTP provides no data security.

Request

We?d like to hear everyone?s thoughts on this proposal, and to discuss with the web community about how different transition plans might serve users.

Background

We all need data communication on the web to be secure (private, authenticated, untampered). When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin.

Roughly speaking, there are three basic transport layer security states for web origins:

Secure (valid HTTPS, other origins like (*, localhost, *));
Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors); and
Non-secure (broken HTTPS, HTTP).

Marking HTTP As Non-Secure - The Chromium Projects
__________________
StagCMS - Adult CMS - user friendly adult content management system - speed up your websites with no SQL connections
ICQ: 63*23*43*113

MrGusMuller is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote