HTTPS is great

here’s why everyone needs to use it (so we can too)

By Clint Ecker, Kurt Mackey

This past weekend we ran a piece from Wired that looked at the issues surrounding unencrypted HTTP traffic and wondered why all websites aren’t shipped over HTTPS by default. The article puts forth an interesting premise—the wholesale encryption of all HTTP traffic—and lists a number of reasons why this hasn’t happened yet.

The only problem is that many of these issues, mostly technical in nature, are red herrings and can be easily handled with cleverness by an engineering team focused on transmitting its entire application over an encrypted channel. The real issues begin to arise, however, when your application must include assets served by servers which also do not support SSL. We’re going to go over a number of the issues raised by the article, correct some of the more specious arguments, explain how an organization can work with the real constraints, and give some insight into what we consider to be the real barriers to wholesale HTTPS encryption of the Web.

Read More>>

Comments are closed.

%d bloggers like this: