HTTP The HyperText Transfer Protocol. Objectives Introduce HTTP Introduce HTTP support in.NET.
Six Reasons http Will Become a Thing of the Past
-
Upload
cascouncil -
Category
Technology
-
view
377 -
download
2
Transcript of Six Reasons http Will Become a Thing of the Past
![Page 1: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/1.jpg)
REASONS HTTP WILL BECOME A THING OF THE
PAST
6
![Page 2: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/2.jpg)
Reason #1: Browsers Will Warn Users of Non-HTTPS Connections
Chrome plans to warn users when pages are insecure (non-https), and will warn if an insecure page asks for a password or credit card with words “Not Secure”
Firefox plans a similar warning for sites requiring passwords and credit cards
Both will transition to a more noticeable red triangle
![Page 3: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/3.jpg)
Firefox Warnings
When passwords are requested over http:
https://blog.Mozilla.org/tanvi/2016/01/28/no -more-passwords-over-http-please/
http-password.badssl.com
DevEdition 46+
http-password.badssl.com
DevEdition 45
![Page 4: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/4.jpg)
Chrome to Present Similar Warnings
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
Treatment of HTTP pages withpassword or credit card form fields:
Current (Chrome 53) login.example.com
Jan. 2017 (Chrome 56) login.example.comNot secure
![Page 5: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/5.jpg)
Reason #2: Powerful Features Only on HTTPS
Encrypted Media Extension (DRM)
See: https://www.chromium.org/Home/chromium-security/deprec
ating-powerful-features-on-insecure-origins
Geolocation (Chrome 50)
Device Motion/Orientation Fullscreen
getUserMedia (Camera/Mic)
![Page 6: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/6.jpg)
Reason #3: HTTP2 Over HTTPS Only
Chrome, Firefox, IE, Edge, Safari, Opera test comparison
HTTP/2
HTTP/1.1
0 10 20 30 40 50 60
Latency (in mil-liseconds)
HTTP/2
HTTP/1.1
0 2 4 6 8 10 12 14 16 18 20
Load Time (in seconds)
See: https://http2.akamai.com/demo
![Page 7: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/7.jpg)
Reason #4: Improved Referrer Data
Use HTTPS for your own site and improve your
referrer data!
HTTP Website Operator:
Source (HTTPS):
![Page 8: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/8.jpg)
Reason #5: GMAIL Showing Encryption IndicatorsSMTP TLS Connection GUI in gmail
Use publicly trusted certs for mail servers
NO ENCRYPTION WITH ENCRYPTION CERTIFICATE
of mail servers don’t have a publicly trusted SSL cert yet, according to Netcraft
82%
![Page 9: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/9.jpg)
Reason #6: HTTPS is Coming to a Domain Near You
56%Use https
46%Participate in the
digital analytics program
ALL .gov
OUT OF 1166
DOMAINS! As of 10/17/16
![Page 10: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/10.jpg)
What Do These Mean?
Symbols That Are Consistent, Universal, Global, No Learning
Curve!
![Page 11: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/11.jpg)
Consistency Matters
Copyright © 2014 Symantec Corporation
![Page 12: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/12.jpg)
CASC Predictions
Certificate usage will continue to grow6.5 to
7.5M in 12 monthsFueled by https initiatives (search ranks, powerful features, negative browser UI)
SNI servers will show increased
growth
SHA-1 usage will decline
dramatically (and so will XP!)
Phishing using DV certs will continue to
increase
Chrome will be on the bleeding edge of
changes and enforcements
IPv6 will finally be adopted for CRL and
OCSP lookups
![Page 13: Six Reasons http Will Become a Thing of the Past](https://reader035.fdocuments.us/reader035/viewer/2022062823/5871505d1a28ab55588b7a8d/html5/thumbnails/13.jpg)
Q&A