SSL/TLS works pretty well on the technical side, but on the social side, it’s broken, because so many sites (especially small ones) don’t use it, requiring users to send passwords and other private information in the clear. The problem is trying to do two things at once with a single standard:
- authentication of the server’s (and sometimes the client’s) identity; and
- encryption of communications.
There is no question that these are both important goals, but combining them into an all-or-nothing package in browser support for HTTPS has arguably made the web less secure. Generating a local server key for encryption is easy; getting a certificate from a certificate authority is a major hassle (both in time and money) for a questionable benefit (how much verification do CAs really do for ~$100? not much).
If we had separate standards for encryption and authentication, even the smallest sites could encrypt their sensitive browser-server communications as a matter of course, making the web much safer,. especially in the era of public WiFi networks.
Quoderat 
Don’t forget another factor: encryption requires a protracted handshake and lots of CPU cycles. The peak simultaneous request rate that a webserver can handle is typically three orders of magnitude greater for unencrypted connections than for encrypted ones.
Since each connection has to be encrypted invidually, you can’t just throw cheap machines doing reverse proxy duties at the problem either – the easiest to maintain and most cost effective way to scale a service. You need big, expensive hardware, because servers pushing encrypted content down the wire end up CPU-bound, not I/O-bound.
For low-volume sites, the problem isn’t even on the radar. But for small outfits running sites with moderate but not insignificant traffic, it is a serious concern. You have to choose carefully how much content is served securely; encryption unfortunately isn’t free.
That’s a great comment, Aristotle — thanks. I would have expected to see a difference of around one order of magnitude, not three. Can you point me to a good source where I can get more performance information?
I wish. 😦 I’m afraid it’s not a subject of direct interest for me. I remember the figure because I was impressed by the discrepancy every time I saw a mention in an article in iX (or maybe c’t; they’re the two German computer magazines). I at least skim almost everything they write about, whether it’s of direct interest or not. This number came up at least thrice over time. Shame that I don’t have the first clue where to go looking for a citation… 😦
It would be in German anyway, but it would provide a starting point at least, whereas all my attempts to wrestle something out of Google were in vain. The obvious keyword combinations result in a sea of vendor ads and product whitepapers, but nothing of value.
Without identity information provided by authentication, who are you encrypting to?
If you think I’m being needlessly Socratic, see http://www.evilscheme.org/defcon/ .
See CACert.org
Pingback: protocol7 » Blog Archive » links for 2006-12-04