This is really great. I love it. HTTPS, bring it on!
Firefox 44, non-HTTPS login page
So what Mozilla is aiming to do is to ship Firefox 44 with some new security enhancements: every page, that contains a login form, but is served over plain HTTP, will be marked with the so-really-user-friendly broken padlock. You’ll get the same lock if your login form’s target page is insecure, too, but that should be obvious. FF44 ships this week.
Is this a security enhancement? Hard to say.
- What does a completely average Internet user think when the broken padlock appears on a page that seemed to be completely fine just yesterday?
- Should every developer upgrade some legacy sites that are completely fine par this one thing?
- What about the hobbyists who have installed a bulletin board software in a webhotel but aren’t really any sort of developers?
The whole question of to HTTPS or not to HTTPS is a tough one since it’s so easy to find cases where it really isn’t needed but the enforcing decisions of browser vendors affect them no matter what.
On a personal note I can say that I have a passion for HTTPS. Sounds retarded, maybe so, but I like it. I want to have it everywhere. I have built myself an interest out of it very so that I follow all things HTTPS all the time.