Major browsers to block some plain-HTTP downloads on HTTPS sites
Posted: Thu Apr 11, 2019 6:05 pm
https://www.zdnet.com/article/google-ch ... downloads/
Is this really a significant security advantage?
To me, this would only be an annoyance. I've only ever seen such downloads in legitimate contexts, e.g. Basilisk browser. And in the case of Basilisk, they have checksums on their HTTPS site, so a MitM wouldn't be able to tamper with the download without being noticed.
Is this really a significant security advantage?
To me, this would only be an annoyance. I've only ever seen such downloads in legitimate contexts, e.g. Basilisk browser. And in the case of Basilisk, they have checksums on their HTTPS site, so a MitM wouldn't be able to tamper with the download without being noticed.