Google Proposes Chrome Browser Marks HTTP Site it Shows as Non Secure
We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015.
Google Proposing Marking HTTP Sites as non Secure [chromium.org]
Roughly speaking, there are three basic transport layer security states for web origins:
Secure (valid HTTPS, other origins like (*, localhost, *));
Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors); and
Non-secure (broken HTTPS, HTTP).
UA vendors who agree with this proposal should decide how best to phase in the UX changes given the needs of their users and their product design constraints.
[edited by: aakk9999 at 11:19 pm (utc) on Dec 17, 2014]
[edit reason] Added clarification [/edit]
Secure (valid HTTPS, other origins like (*, localhost, *))
limited to pages that post the content back using forms or similar
I'm tickled by the implication that google is planning to index my personal hard drive
So..G are going to warn surfers when adwords lead to non HTTPS sites are they ? ..Hmmmm..I thought not..
I can see some sites with deep pockets that would sue them back to the garage if they add "non-secure" or "unsecure" next to their site in the address bar.
[edited by: Leosghost at 3:00 am (utc) on Dec 18, 2014]
...propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure.
Ultimately, we can even imagine a long term in which secure origins are so widely deployed that we can leave them unmarked (as HTTP is today), and mark only the rare non-secure origins
Non-HTTPS sites would have a tough time winning defamation lawsuits, because Google wouldn't be commenting negatively on their sites
We’d like to hear everyone’s thoughts on this proposal, and to discuss with the web community about how different transition plans might serve users.
...it's merely a proposal.
What's more, it's entirely possible that, by the time this proposal is implemented (if it ever is), HTTPS will be a lot more widespread than it is now.
We intend to devise and begin deploying a transition plan for Chrome in 2015.
...the transition plan could be time-based:
T0 (now): Non-secure origins unmarked
T1: Non-secure origins marked as Dubious
T2: Non-secure origins marked as Non-secure
T3: Secure origins unmarked