-
Re: HTTPS ONLY supported after 1/1/18?
Paul LaFollette Oct 30, 2017 2:34 PM (in response to Bill Kasper)Bill Kasper, I'm thinking you're not the last to know. This is the first I had heard that. Is there a document, news article, something that you can share showing this info?
All the devices in my organization we set to use https. We let the printers use their own internally generated certificates (which the browsers always caution about), but that is sufficient for our needs. Much simpler than going through the pain of frequently obtaining and updating certificates for over 600 printers (which is the alternative).
Thanks,
- Paul L.
-
Re: HTTPS ONLY supported after 1/1/18?
Scott Olswold Oct 30, 2017 4:00 PM (in response to Bill Kasper)Bill,
I'm not too sure that this is completely accurate. Back in May, Google began making plans to blacklist sites that were asking for data (credit cards, for example) over HTTP, and that their Chrome browser, version 62 (which is out now) would begin to caution users when an HTTP form was loaded. But...you can only push a client-side operation so far. And that's the only thing that I've seen.
I suspect, as is most always the case, the others (Microsoft, Mozilla, Apple, and Opera) will begrudgingly follow suit and the next revision of their browser will do the same thing. But you can't force a website owner (particularly a firmware-enabled website, as is present on almost any printer) or older browser to eschew an HTTP form in favor of one with HTTPS unless there's an implementation of middleware that is getting in the middle of all of that traffic. And that would mean that nothing is safe (and would be a bad, bad day for 100% of the world's population). Another caution: HTTPS and SSL don't necessarily mean secure, it just means that there's an agreed-upon cipher between the client and the server; a person or organization could legitimately hijack Symantec's CA and private key and then all of those Symantec-credentialed websites are basically as useful at protecting your "in flight" data as an HTTP connection would be.
I could also be very wrong on the January 2018 thing. And if I am, you'll find me in the corner wearing my aluminum foil hat, reading George Orwell's 1984.
-
Re: HTTPS ONLY supported after 1/1/18?
Ralph Miller Oct 31, 2017 9:15 AM (in response to Scott Olswold)Here's some info from Malwarebytes about Google and https
-
Re: HTTPS ONLY supported after 1/1/18?
Paul LaFollette Oct 31, 2017 10:05 AM (in response to Ralph Miller)So… If I read that article correctly, starting after a particular date, if a web page doesn’t use https or has mixed content (some https some just html) the web browsers (especially Google’s) will be warning in the path bar “Not Secure”… and that’s about it?
So really just enhancing how users are alerted to sites that are not or not fully encrypted?
Thanks,
- Paul L.
-
Re: HTTPS ONLY supported after 1/1/18?
Scott Olswold Oct 31, 2017 10:18 AM (in response to Paul LaFollette)Yes. In a very cheeky and obtuse way, that's what I said yesterday. There are many organizations out there (certificate providers, for one) who are on the bandwagon for a fully HTTPS-configured web experience, but there's no real way to enforce that. All you can do is release browsers that spread FUD, maybe enough layers of "are you sure??" questions, or befuddling choices in the hopes of raising public outcry to do just that:
In other words: Be Safe, and Carry On!
-
-
-