Re: Proposal: Marking HTTP As Non-Secure from Chris Palmer on 2014-12-14 (public-webappsec@w3.org from December 2014)

From: Chris Palmer <palmer@google.com>
Date: Sun, 14 Dec 2014 10:34:55 -0800
To: Alex Gaynor <alex.gaynor@gmail.com>
Cc: Igor Bukanov <igor@mir2.org>, Eduardo Robles Elvira <edulix@agoravoting.com>, "dev-security@lists.mozilla.org" <dev-security@lists.mozilla.org>, blink-dev <blink-dev@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, security-dev <security-dev@chromium.org>
Message-ID: <CAOuvq22PVezFvCmj062V0_W+JP1W1ziahD1B=oEGMgfcKx8stw@mail.gmail.com>

On Sun, Dec 14, 2014 at 10:00 AM, Alex Gaynor <alex.gaynor@gmail.com> wrote:

Is there a plan for HTTP to eventually have an interstitial, the way HTTPS
> with a bogus cert does?


We (Chrome) have no current plan to do that. In the Beautiful Future when
some huge percentage of pageviews are shown via secure transport, it might
or might not make sense to interstitial HTTP then. I kind of doubt that it
will be a good idea, but who knows. We'll see.

Received on Sunday, 14 December 2014 18:35:22 UTC