this post was submitted on 03 Oct 2023
589 points (98.8% liked)
Firefox
17857 readers
1 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
And HTTPS relies on hosts managing SSL certificates. Web services don't use them until it hits a critical mass, then it becomes weird and broken when you aren't using it.
This just needs some time to settle in.
I remember when absolutely no one used https and then in a matter of a couple years things got really fast. Now you can easily browse with https required and only occasionally find the odd website that doesn't use it (mostly some internet relic). That was such a great transition when it happened though.
It felt like it happened practically overnight when Let's Encrypt released.
Let's Encrypt was a godsend. Getting a TLS certificate before sucked.
Yes. Thank these folks:
They created the ACME standard, the open source community got on board, and soon enough everyone bought in, a massive step forward for Internet security and the benefit of open source.
So Firefox is basically the GOAT when it comes to internet security and privacy? They should team up with the signal guys.
Google preferring https sites was the motivator I saw for client demands.
SEO scores feed into the PPC cost in AdWords so all of a sudden people were crying out for their sites to “have the padlock icon” because what’s 20 bucks for a cert when you’re spending thousands of dollars a month
And now it's free with stuff like Let's Encrypt.
You're right, but HTTPS implementation added real, tangible benefits that everyone could understand. I think ECH is a little more abstract for the average user, which is why I compared it to DNSSEC which has notoriously poor buy-in.
Obviously I hope ECH becomes a well-implemented standard. I'm just rather cynical that it'll be the case.