Firefox 37: Opportunistic Encryption (OE) better than HTTPS?

Mozilla rolled out Firefox 37 earlier this week with support for opportunistic encryption (OE), a sort of bridge between no encryption (clear text) and full HTTPS encryption. It attempts to encrypt the communications channel, and falls back to unencrypted communications if it cannot.

Unlike HTTPS, however, it does not protect against an active man-in-the-middle attack. OE provides unauthenticated encryption over TLS for data that would otherwise be carried in clear text.

Opportunistic encryption does not provide a strong level of security as authentication may be difficult to establish and secure communications are not mandatory.

However, users can at least get a modicum of protection from passive surveillance (such as NSA-style data slurping) on sites that support OE. Firefox support is only half of the equation for opportunistic encryption.

According to Mozilla developer Patrick McManus, website owners will still have to enable support on their end for the feature to work, and he has outlined two steps to get up and running with OE.