What in your life must have happened for you to actually believe such nonsense? Or do you have a financial incentive of sorts to try to make other people believe it?
1. The technical solution is trivial. You always have encryption, but http=self-signed cert, and no authentication, and no lock icon. https=CA cert, encryption, authentication, and lock icon.
2. There are strong government and corporate interests in being able to filter the open web. This closes the open web.
3. For the first time in my life, I have a comment on Hacker News or Reddit at -4. I've posted much more controversial things before (I do care about anonymity; I do use one-off cypherpunks accounts, so my post history won't indicate things). Good debate was virtually always well-received, up-voted, and not censored. The only exception was here, and one place where there was a strong, clear, well-financed astroturf campaign. That's one datapoint, but overall, the debate on the topic smells of financed astroturf rather than genuine grassroots.
I fully agree with #1, but how do you go from a currently-imperfect solution (which could be improved over the years, moving towards a self-signed cert default solution which by the way we are looking at in http/2) to "the goal is to reduce competition"?
Mozilla is one of the most consumer-friendly companies in the world, and all I can see is you trying to undermine their efforts. Are there issues with the current state of affairs? Sure. Are they at fault?
You've been downvoted because your comment reeks of gratuitous negativity, not because a debate is not welcome.
Step 1: Add support to Firefox for encryption when connecting on port 80. Call this HTTP, but have the protocol identical to HTTPS with self-signed cert. You negotiate that when you connect to the web server.
Step 2: Advertise to the community you'll be deprecating unencrypted on port 80 after 2 years time. Ideally, make patches to nginx and apache such that it's a small config change.
Step 3: Change behavior such that:
1. Port 80+old http+no encryption: Show a small warning
2. Port 80+encryption+self-signed cert: No warning. Also, unlocked padlock. "HTTP" in URL. Behavior as for current unencrypted web sites.
3. Port 443+encryption+self-signed cert: BIG SCARY WARNING.
4. Port 443+encryption+cert without identity: No padlock. HTTPS in the URL, but grey, and unlocked padlock.
5. Port 443+encryption+cert with identity: Padlock. Green. Name of organization. Indicated as trusted.
One of the problems with a push like this is that, aside from preventing an open web, it also undermines the meaning of a cert. With initiatives like https://letsencrypt.org/, a cert means I actually don't know who I'm talking to (at least in a legal sense -- I can identify the entity, and take them to court if they rob me).
To answer your question: I'm actually not too unhappy with the current state of affairs. I'd be more happy with the state of affairs I proposed above. I'm very unhappy with the state of affairs Mozilla proposes. I value an open web more than I do an arguably more secure one.
This stuff ain't rocket science. Mozilla has smart people. If it's being done a dumb way, there's a reason for it.
Cloudflare's free plan has SSL now, which a 10-year-old could utilize. While that opens up a potential MITM attack, I don't believe it's worse than having no SSL at all (others argue it is, on the premise that it creates a false sense of security).
AFAIK, you can't serve pages from S3 over HTTPS using your own domain name, but https://bucketname.s3.amazonaws.com/ works fine. So if you have some other way of serving your HTML pages, you can include other static assets directly from S3 without triggering browser mixed-content warnings.