SSL/TLS works pretty well on the technical side, but on the social side, it’s broken, because so many sites (especially small ones) don’t use it, requiring users to send passwords and other private information in the clear. The problem is trying to do two things at once with a single standard:
- authentication of the server’s (and sometimes the client’s) identity; and
- encryption of communications.
There is no question that these are both important goals, but combining them into an all-or-nothing package in browser support for HTTPS has arguably made the web less secure. Generating a local server key for encryption is easy; getting a certificate from a certificate authority is a major hassle (both in time and money) for a questionable benefit (how much verification do CAs really do for ~$100? not much).
If we had separate standards for encryption and authentication, even the smallest sites could encrypt their sensitive browser-server communications as a matter of course, making the web much safer,. especially in the era of public WiFi networks.