Looks like the Web encryption charge has been taken by none other than Mozilla. According to the creators of the Firefox on Thursday, they are working on a plan that will be favourable for websites that enables HTTPS.
According to Richard Barne, Firefox Security Lead in a blog post, many will agree that HTTPS is the next big thing in the future and they have supported this by adding the statement given by W3C, IAB, US government, and IETF.
What is the limitation all about?
Rumours suggest that the company is working on developing new Firefox features which are meant only for encrypted websites. Apart from this the company is also looking into the possibility of phasing out some access to their current browser features which will be available for non-secure websites.
But even this will require a lot of coordination for everything to work out as anticipated. As per Barnes, first it is important for the community to freeze down a specific date post which all the latest features will only be available to all the secured websites. The community also needs to decide as to which of the features can be considered as new feature.
For instance a simple example of a new feature will be an existing feature which no longer can be polyfilled. Barnes further added that through this way some of existing features like CSS as well as other rendering features still available for use on the insecure websites.
This is because the pages will be the ability to depict effects by itself. On the other hand, this might cause hindrance and also restrict some of the qualitatively new features like getting access to the new hardware competencies.
Once the company has all the elements set in the right place, they will slowly start giving out the access of the new browser feature to non-secure websites as well. Barnes also added that they will still have to constantly monitor the amount of breakage as well as balance it out with the new security benefits.
Mozilla at present is also considering some lenient limitations that will be overlaid on the existing functions when they are being used on the non-secure pages. Firefox has already got microphone and camera access. The company is also considering putting limitations on the non-secure cookies.
Barnes further added that the main goal of this initiative is to send across a message to all the Web developer community about the importance of being secure. He also added that the company’s effort will become more effective if they receive coordination from the entire community.
Mozilla is working on a proposal that they will be presenting it to the W3C WebAppSec Working Group in the near future. This move from the company has been observed soon after the American Civil Liberties Union (ACLU) complained about some of the government tiplines for being insecure.
However there are concerns among web developers in the community as well. We will have to see if the company is able to resolve these out soon.