4 comments

[ 2.1 ms ] story [ 16.4 ms ] thread
This seems a little bit "fanatic" itself, though I've not read what they're responding to so maybe that's even worse.

I'm glad someone is coming up with the ideas, even if the right answer is "not yet" or "we need to fix X and Y first".

One conclusion I draw from all this is that it is long past time to separate encryption from identity.
First of all, Mozilla is talking about slowly shutting down -features- in their browser to non-https sites, especially those that could pose a security risk to the user or their computer. I see nothing wrong with that.

Second, Mozilla is partnering with the EFF to launch Let's Encrypt! which will be a Certificate Authority providing free and automated SSL certs - so that should remove the 'resource barrier' the OP is so concerned about.

Mozilla is taking steps in the right direction to provide a safer internet for all of us, but more importantly, those of us that don't know any better, don't know how to protect themselves.

Keep it up Mozilla Team!

I personally don't think the existence of Let's Encrypt makes mandatory encryption more palatable. Requiring encryption is a problem because it introduces one more filter I must pass through before getting my message/app/product out on the web. Now in addition to the DNS registrar and the hosting provider, I have to make Let's Encrypt or some other CA happy---jump through their hoops, not upset their politics, etc.

I'm just not okay with that.