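In "Google Proposes Marking ‘HTTP’ as Insecure in 2015" I saw that Google is proposing that Chrome mark HTTP connections as "non-secure": "Marking HTTP As Non-Secure".
One of the proposals is to set three points in time (T1, T2, T3) and gradually change how HTTP is marked: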
T0 (now): Non-secure origins unmarked
T1: Non-secure origins marked as Dubious
T2: Non-secure origins marked as Non-secure
T3: Secure origins unmarked
But is this a good proposal? The CA system is not perfect; is forcing this through really the right direction?