Google Chrome will mark HTTP sites as unsafe
Google Chrome’s web browser developers promise to mark websites that use a simple HTTP connection with the client as insecure and offer all other Web applications (User Agents) to do the same. Thus, users want to make it clear that this simple connection does not provide the necessary level of security during data transfer. It is assumed that now the browser itself will distinguish between types of security connections to the server to notify the client about this: secure (Secure), questionable (Dubious) and unsafe (Non-secure).
Web connections are divided into three types:
For other vendors of web applications (the so-called User Agent vendors), a scheme is proposed according to which the site can be classified as one type or another and implemented in a product in stages, see here .
We, the Chrome Security Team, propose that the user agents (UAs) are progressively non-secure . We’ve been embarking on a transition plan for Chrome in 2015.
Web connections are divided into three types:
- Secure (Secure): connect over HTTPS or localhost.
- Dubious: connection via HTTPS, but with c. mixed resources (contains links to unsafe resources in the body of the web page), as well as HTTPS with errors in TLS.
- Insecure (Non-secure): connection through a broken (invalid) HTTPS or simple HTTP.
For other vendors of web applications (the so-called User Agent vendors), a scheme is proposed according to which the site can be classified as one type or another and implemented in a product in stages, see here .
')
Source: https://habr.com/ru/post/245759/
All Articles