Phoronix reports the Mozilla Security Engineering team is planning to make their browser useless for browsing much of the World Wide Web, by deprecating insecure HTTP.
Richard Barnes of Mozilla writes:
In order to encourage web developers to move from HTTP to HTTPS, I would like to propose establishing a deprecation plan for HTTP without security. Broadly speaking, this plan would entail limiting new features to secure contexts, followed by gradually removing legacy features from insecure contexts. Having an overall program for HTTP deprecation makes a clear statement to the web community that the time for plaintext is over -- it tells the world that the new web uses HTTPS, so if you want to use new things, you need to provide security.
See also this document outlining the initial plans.
(Score: 2) by juggs on Thursday April 16 2015, @12:21AM
Will be interesting to see how the EFF et al. efforts pan out with their Let's Encrypt initiative https://letsencrypt.org/ [letsencrypt.org] - certs for all for free.
Provided they can jump through the hoops and set up their procedures suitably, I can't see why there root CA would not become commonplace in browser / OS cert hives.
That could leave just the Extended Validation (EV) green bar or shiny gold padlock types of fluff in the hands of the pre-existing CAs to gouge people on price for.