Should HTTP be removed?

Mujkanovic

Well-known member
Joined
Apr 24, 2016
Messages
166
Best answers
0
Ratings
3
Points
18
#1
Almost websites is tending to moving to https, so is HTTP really necessary to exist? and should it removed and instead completely with https?
 

BenZ-AMS

New member
Joined
May 9, 2018
Messages
13
Best answers
0
Ratings
11 6
Points
3
#2
Kind of makes you wonder why there's not rudimentary encryption included in HTTP, if everyone is going to have to go to using a CA signed public/private key certificate.

Keep in mind, you can't issue a CA signed certificate immediately. There's always going to be lag time between when a website is resolving to a server and when the CA issues a certificate. 1) It takes time for nameserver changes to take affect and 2) it takes time for the CA to process and issue a certificate.

A lot of this could be solved with self-signed certificates. But no... self-signed certificates were vilified several years ago.
 

VirtuBox

Global Mod
Staff Member
Joined
May 3, 2016
Messages
1,476
Best answers
4
Ratings
363 8
Points
83
#3
VirtuBox
There are no relation between SSL certificates issuing and DNS. There are several ways to issue certificates, you can use DNS validation as well as other type of validation.
And self-signed certificates provide the same encryption than other certificates, the only difference is the web browser validation.
But if you are using a redirection to https, there is no reason to remove http.
 
Last edited:

BenZ-AMS

New member
Joined
May 9, 2018
Messages
13
Best answers
0
Ratings
11 6
Points
3
#4
If you buy a domain name and hosting right now, this minute, it will still take several minutes for a CA certificate to be issued for the domain name. And for the most part, cPanel's AutoSSL won't issue a certificate until the night following the domain name being set up.

A self-signed certificate can be set up immediately, because it's not signed by any 3rd party. Sure it risks MITM attacks, but it provides instant encryption.

So why were self-signed certificates vilified so many years ago?

Why not a small browser message: "This site is using a self-signed certificate" and "This site is using a CA signed certificate" and "This site is using an EV certificate (see pretty green address bar and everything)" This would essentially make non HTTPS traffic obsolete.
 

24x7serverman

Well-known member
Joined
Jul 25, 2017
Messages
621
Best answers
1
Ratings
59 5
Points
28
#5
Almost websites is tending to moving to https, so is HTTP really necessary to exist? and should it removed and instead completely with https?
Yes, everyone is moving towards https and depreciating Non-secure HTTP protocol. But, http is a backbone of world wide web so I don't think so it will be removed permanently but who knows future!!! :)
 
Joined
Apr 5, 2018
Messages
24
Best answers
0
Ratings
3
Points
3
#6
albino
You are right about that, because many websites is still undergoing their process using HTTP and we are just an audience when it comes to that matter, if anything should happen about web upgrades and other websites reconstruction it is out of our control.
 

Maxoq

Well-known member
Joined
Feb 25, 2015
Messages
286
Best answers
0
Ratings
33
Points
28
#7
I think HTTP should be removed if it doesn't give any benefits for users any more.
I also want to know how many percentage of websites are using HTTP and How many for HTTPS. Does anyone share this info?
 

Riviera

New member
Joined
Aug 24, 2015
Messages
10
Best answers
0
Ratings
2
Points
3
#10
I think That must be very long time, for many years to decades. All the websites in the world can not upgrade https as easy like clapping hands. Until http is useless - no benefit as @Maxoq mentioned - they will not use it anymore. I definitely agree with his opinion.
 
Joined
Sep 3, 2017
Messages
7
Best answers
0
Ratings
1
Points
3
#11
The
Almost websites is tending to moving to https, so is HTTP really necessary to exist? and should it removed and instead completely with https?
The HTTPS Everywhere extension was perhaps created for this reason, at least partially. It forces HTTP websites to use HTTPS, but I find that it breaks sites. I believe in encryption as much as possible, although there seem to be cautions against it probably because it might be more work than what it pays off.

I think we need to use it for certain types of sites, and I don't mean banking sites. That's another security discussion entirely.
Anywhere personal details are entered and personal communications take place would be a good starting point to have the minimum level of encryption. I'm not just worried about the secure connection, I'm also worried about other ways and points at which the data can be compromised.

I don't want to get off topic too much, so to answer I feel that it's not a matter of should every website be HTTPS as much as it a matter of when that will be the norm.
 
Newer Threads
Replies
1
Views
46
Replies
13
Views
214
Replies
10
Views
93
Recommended Threads
Replies
16
Views
2,866
Replies
2
Views
1,797
Replies
8
Views
787

Latest postsNew threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.