Google Chrome Marks HTTP Sites As Insecure

    The developers of the Google Chrome web browser promise to mark websites that use a plain HTTP connection to the client as unsafe, and propose that all other web clients (user agents) do the same. The aim is to make it clear to users that a plain HTTP connection does not provide the necessary level of security during data transfer. The browser itself is expected to distinguish between three security levels of the connection to the server and to notify the user accordingly: secure (Secure), dubious (Dubious) and insecure (Non-secure).

    We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015.

    Web connections are divided into three types:
    • Secure: connect via HTTPS or localhost.
    • Dubious: HTTPS connection, but with mixed resources (the body of the web page contains links to unsafe resources), as well as HTTPS with errors in TLS.
    • Non-secure: connection via broken (invalid) HTTPS or simple HTTP.
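
The three-way classification above applied to a page, as an added example that is not Chrome's code or part of the original article. The `tls_state` parameter, the tag list and the sample HTML are assumptions: the article does not say how "errors in TLS" is told apart from "broken" HTTPS, so the caller supplies that verdict.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource (assumed list).
# Plain <a href> links are navigation, not page content, so they are left out.
SUBRESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                     "audio": "src", "video": "src", "source": "src",
                     "embed": "src", "object": "data", "link": "href"}

class SubresourceCollector(HTMLParser):
    """Collects the absolute URL of every subresource a page references."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.urls = base_url, []

    def handle_starttag(self, tag, attrs):
        wanted, attrs = SUBRESOURCE_ATTRS.get(tag), dict(attrs)
        if wanted is None or not attrs.get(wanted):
            return
        # <link> only loads content for stylesheets; rel=canonical etc. do not.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        # urljoin resolves relative and protocol-relative (//host/x) references
        # against the page URL, so they inherit the page's scheme.
        self.urls.append(urljoin(self.base_url, attrs[wanted].strip()))

def insecure_subresources(page_url, html):
    collector = SubresourceCollector(page_url)
    collector.feed(html)
    return [u for u in collector.urls if urlsplit(u).scheme == "http"]

def classify(page_url, html, tls_state="valid"):
    """tls_state is an assumed caller verdict: 'valid', 'errors' or 'broken'."""
    parts = urlsplit(page_url)
    if parts.hostname == "localhost":
        return "Secure"
    if parts.scheme != "https" or tls_state == "broken":
        return "Non-secure"
    if tls_state == "errors" or insecure_subresources(page_url, html):
        return "Dubious"
    return "Secure"

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="canonical" href="http://shop.example/cart">
<script src="//cdn.example/app.js"></script>
</head><body>
<a href="http://other.example/">external link</a>
<img src="http://img.example/banner.png">
</body></html>"""
```
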

    For other user agent vendors, a scheme is proposed by which a site can be assigned to one of these types and which they can implement in their products gradually; see here.
