Mozilla Fundation, a step toward to full HTTPS implementation

The Mozilla Foundation is starting the operations to phase the HTTP connections in the Firefox browser according to “encrypt the Web” movement.

According to roadmap defined by the Mozilla Foundation, the organization has started the process to move toward full HTTPS enforcement in Firefox browser

In November 2014 the Electronic Frontier Foundation (EFF) and other firms, including Cisco, Mozilla, Akamai, Identrust launched a new organization called Let’s Encrypt with help from researchers at the University of Michigan.

The organization will provide free HTTPS certificates to every website that will move to HTTPs.

The announcement of Mozilla is very important considering that its Firefox product accounts for between 12 and 22 percent of the browser market share if we count the different versions.

Mozilla still hasn’t provided any indication on the timeline for the exclusive adoption of the HTTPs protocol. The only news available on the roadmap is that Firefox will provide a date for the full adoption of HTTPS connections and that once defined this date the organization will begin making existing features incompatible with insecure HTTP websites.

The expert considers the path very complicated because Mozilla will have to cut off existing features for HTTP connections gradually.

“We’re also already considering softer limitations that can be placed on features when used by non-secure sites,” explained security lead Richard Barnes. “For example, Firefox already prevents persistent permissions for camera and microphone access when invoked from a non-secure website.  There have also been some proposals to limit the scope of non-secure cookies.”

Principal security firms have announced similar initiatives to promote the adoption of encryption on a global scale. Google recently announced that websites implementing HTTPs will be favorited by the giant of search engines, which has also announced the adoption of encryption mechanisms also for its ad services.

Pierluigi Paganini

(Security Affairs – HTTPs, Encryption)