Should HTTP be removed?

Mujkanovic

Well-known member
Collaborate
Registered
Joined
Apr 24, 2016
Messages
424
Points
18
Almost websites is tending to moving to https, so is HTTP really necessary to exist? and should it removed and instead completely with https?
 

BenZ-AMS

Member
Registered
Joined
May 9, 2018
Messages
22
Points
3
Kind of makes you wonder why there's not rudimentary encryption included in HTTP, if everyone is going to have to go to using a CA signed public/private key certificate.

Keep in mind, you can't issue a CA signed certificate immediately. There's always going to be lag time between when a website is resolving to a server and when the CA issues a certificate. 1) It takes time for nameserver changes to take affect and 2) it takes time for the CA to process and issue a certificate.

A lot of this could be solved with self-signed certificates. But no... self-signed certificates were vilified several years ago.
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
VirtuBox
There are no relation between SSL certificates issuing and DNS. There are several ways to issue certificates, you can use DNS validation as well as other type of validation.
And self-signed certificates provide the same encryption than other certificates, the only difference is the web browser validation.
But if you are using a redirection to https, there is no reason to remove http.
 
Last edited:

BenZ-AMS

Member
Registered
Joined
May 9, 2018
Messages
22
Points
3
If you buy a domain name and hosting right now, this minute, it will still take several minutes for a CA certificate to be issued for the domain name. And for the most part, cPanel's AutoSSL won't issue a certificate until the night following the domain name being set up.

A self-signed certificate can be set up immediately, because it's not signed by any 3rd party. Sure it risks MITM attacks, but it provides instant encryption.

So why were self-signed certificates vilified so many years ago?

Why not a small browser message: "This site is using a self-signed certificate" and "This site is using a CA signed certificate" and "This site is using an EV certificate (see pretty green address bar and everything)" This would essentially make non HTTPS traffic obsolete.
 

24x7serverman

Well-known member
Hosting Provider
Registered
Joined
Jul 25, 2017
Messages
651
Points
28
Almost websites is tending to moving to https, so is HTTP really necessary to exist? and should it removed and instead completely with https?
Yes, everyone is moving towards https and depreciating Non-secure HTTP protocol. But, http is a backbone of world wide web so I don't think so it will be removed permanently but who knows future!!! :)
 

albino

Member
Registered
Joined
Apr 5, 2018
Messages
24
Points
3
albino
You are right about that, because many websites is still undergoing their process using HTTP and we are just an audience when it comes to that matter, if anything should happen about web upgrades and other websites reconstruction it is out of our control.
 

Maxoq

Well-known member
Registered
Joined
Feb 25, 2015
Messages
520
Points
28
I think HTTP should be removed if it doesn't give any benefits for users any more.
I also want to know how many percentage of websites are using HTTP and How many for HTTPS. Does anyone share this info?
 

Riviera

New member
Registered
Joined
Aug 24, 2015
Messages
10
Points
3
I think That must be very long time, for many years to decades. All the websites in the world can not upgrade https as easy like clapping hands. Until http is useless - no benefit as @Maxoq mentioned - they will not use it anymore. I definitely agree with his opinion.
 

sandraharriette

Member
Registered
Joined
Sep 3, 2017
Messages
16
Points
3
The
Almost websites is tending to moving to https, so is HTTP really necessary to exist? and should it removed and instead completely with https?
The HTTPS Everywhere extension was perhaps created for this reason, at least partially. It forces HTTP websites to use HTTPS, but I find that it breaks sites. I believe in encryption as much as possible, although there seem to be cautions against it probably because it might be more work than what it pays off.

I think we need to use it for certain types of sites, and I don't mean banking sites. That's another security discussion entirely.
Anywhere personal details are entered and personal communications take place would be a good starting point to have the minimum level of encryption. I'm not just worried about the secure connection, I'm also worried about other ways and points at which the data can be compromised.

I don't want to get off topic too much, so to answer I feel that it's not a matter of should every website be HTTPS as much as it a matter of when that will be the norm.
 

Internet-Buff

Member
Registered
Joined
Aug 1, 2018
Messages
41
Points
8
In my opinion, all HTTP sites will move to HTTPS, but this will take a long time. There are two reasons:
  1. It is said that HTTPS is one of the reference factors in Google search ranking algorithms, so all websites will move to HTTPS, unless they don't want to rank higher in Google search.
  2. Additionally, anyone can install free SSL certificate like Let's encrypt without paying one penny, so this is another reason for moving to HTTPS.
 

HostechSupport

Active member
Registered
Joined
Jan 19, 2013
Messages
68
Points
8
Yes, both the features of SSL are correct moreover due to security https has got more rankings than http.
 

AaronSmith

Member
Registered
Joined
Jun 15, 2017
Messages
17
Points
3
Website visitors demand secure (HTTPS) connections to the websites they are interacting with. If you move your site completely with HTTPS then Visitor ensure that any information passed between their web browser and your web server can neither be stolen nor intercepted because an encrypted connection has been established using SSL certificate installed on your server.

Standard SSL certificate issued by Certificate Authority (CA) upon successful authentication of a domain name. Even HTTPS is good for site's Search Engine Optimization (SEO). Organization Validation (OV) or Extended Validation (EV) SSL certificates are ideal for sites which are accepting payments or any sensitive information from an online user. EV SSL issued by CA upon successful authentication of organization and validating through legal documents. In short, SSL certificate used to increase more trust in your brand. So it is recommended to migrate a site from HTTP to HTTPS.
 

BlueLeaf

Well-known member
Registered
Joined
Apr 11, 2017
Messages
161
Points
18
There's no arguing that HTTP is becoming obsolete, unattractive, and plain unsafe. However, it's still the foundation of data communication on the Web. I think it's much easier to add an SSL Cert to HTTP and make it HTTPS, than revamping the HTTP protocol completely and introducing a single, secure protocol.

HTTPS works perfectly, and today, there's plenty of ways to secure a website in just a matter of minutes.
 

BenZ-AMS

Member
Registered
Joined
May 9, 2018
Messages
22
Points
3
The issue I have with the current widespread deployment of DV certificates, is the fact that it's got to be domain validated.

If you register a new domain name, set up a new hosting account, how do you know the exact moment when that domain name is resolving to your server, so it can be domain validated? There is bound to be a period of time between which the domain is resolving to the server, but an automatic validation system has not picked up the domain and issued a certificate.

Then what happens if that validation system is down for any length of time?

What if that CA is hacked or compromised? Rendering all certificates from that CA compromised and they all have to be reissued?

I would really like to see something like DANE take off, whereby you're not tied down to a particular CA or validation system. I don't think DANE would replace all CA signed certificates. But if you're just wanting basic security/encryption, then self-signed DANE fingerprinted would seem to offer that.
 

CyberSasu

Member
Registered
Joined
May 1, 2017
Messages
24
Points
3
Yes, non ssl websites will be marked as not secure with in some time. It is best time to go with ssl.
Now days SSL is free of cost i.e. Letsencrypt and so on. COMODO and others also has cheap plan. So what's wrong to go with it.
 

ForwardWeb - Branden

Well-known member
Hosting Provider
Registered
Joined
Aug 31, 2018
Messages
198
Points
28
yes there is no reason not I understand the reluctant sites as they run older systems ect the worst example i have seem is Crunchyroll but at the end of the day there is no real excuse anymore if you care about your online presence or business then you must do what needs to be done the risks are not worth it
 

vps9networks

Member
Registered
Joined
Aug 11, 2017
Messages
15
Points
3
Google new algorithm makes website to display not secure on http websites in Chrome latest browser, this is made mandatory from July 2018.
so, it is better to shift to https for your website for higher SEO ranking
 
Newer Threads
Replies
1
Views
1,347
Replies
13
Views
3,724
Replies
10
Views
1,973

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top