EFF states that the
HTTP protocol should die completely and should definitely be gone from the Internet,
this because it is unencrypted and because of NSA-critical revelations etc.
Read:
http://www.tomsguide.com/us/http-must-die,news-19188.html link article author Paul Wagenseil
Only ads and content delivery (trackers) are still in need of HTTP, and also is avast! av, because it
cannot scan inside HTTPS
.
So insecure HTTPS is not flagged, certification issues only reported by Google and Comodo?
What about insecure policies alerted? (Recx Security Analyser for Google Chrome, Calomel SSL-validation add-on for firefox
).
The EEF standpoint can be read here:
https://www.eff.org/event/hope-xpolonus