dstiles - 10:05 pm on Mar 22, 2012 (gmt 0)

A while ago FF dropped G completely. It seems G then offered money...

The problem with https is that it puts a lot more strain on the server. Everything has to be encrypted before being sent, even the images (unless you want browsers telling their users that the page contains non-SSL content, which could frighten people away.

A lot of DIY web site owners now run straight-from-camera images onto their sites, relying on browsers re-sizing the image on receipt. Very bad all round, but the perpetrators are generally ignorant of the logic behind image control and I suspect some CMS systems don't mention it anywhere obvious. But imagine the server load if those people went SSL - and YOUR computer load as your browser decrypts the images! I've seen whole ecommerce home pages littered with dozens of such images; most (all?), so far, non-SSL.

Aside from that is the cost of SSL certs. If you want a good one it costs. If you settle for cheap ones then the root cert may be compromised by site hijackers and used for exploits: the root cert then gets revoked from the browser's store and there is the hassle of a) moving to another cert supplier or b) relying on all browsers getting a new root cert PDQ. As has recently happened.

Sadly, we seem to be gradually forced down the SSL route.

And also sadly, SSL is not unbreakable. Exploiters are already working on this, with some success as far as I understand.