14 DAY TRIAL // Mozilla has announced that it will finally deprecate the support for non-secure HTTP, and they are currently putting a plan in motion. Unfortunately, there is no timetable for this action, but it's likely that will take a long time.
Mozilla can't just stop providing support for HTTP links all of a sudden, and it needs the help of the developers and the community to do so. This is more of an awareness effort to ensure that the developers make this move on their own in due time and not forced by circumstances. Also, it doesn't mean that during this transition, HTTP-only websites won't work anymore in Mozilla products. Legacy support will be provided, with some limitations and for a limited amount of time.
From what the Firefox Security Lead at Mozilla Richard Barnes has revealed until now, the move from HTTP to HTTPS will be done in two major steps. Firstly, a date will be set, after which all the new features will be made available only for websites that have adopted HTTPS. Secondly, some browser features will be phased out gradually for non-HTTPS websites.
Security is paramount
The decision to move from HTTP to HTTPS should have been made a long time ago, but the inertia of the Internet is huge. There are simply too many websites that still employ HTTP, so a concentrated effort is needed.
"It should be noted that this plan still allows for usage of the 'http' URI scheme in legacy content. With HSTS and the upgrade-insecure-requests CSP attribute, the 'http' scheme can be automatically translated to 'https' by the browser, and thus run securely. Since the goal of this effort is to send a message to the web developer community that they need to be secure, our work here will be most effective if coordinated across the web community. We expect to be making some proposals to the W3C WebAppSec Working Group soon," wrote Richard Barnes.
It's very likely that a timeframe will be put in place soon, so this is not the last time we hear of it from Mozilla. In fact, we should expect to see similar endeavors from other developers as well.