Google is beginning to support queries over SSL. Although SSL does have its weaknesses, not using SSL is an instant fail for the user. This is a step in the right direction.
https://www.google.com/
Google Online Security Blog: Extending SSL to Google search
-Michael Coates
The biggest weakness of SSL is that it is not free for the provider. There are often monetary costs involved, and there are always administrative costs which are an inherent part of the system (trust has to cost something).
ReplyDeleteI would love it if every site could run over https, but not when it acts as such a significant barrier to entry.
Yes, the cost involved can be a problem. Granted a single certificate can be as low as a few bucks, but to roll out SSL enterprise wide can result in significant costs for certificates and management.
ReplyDeleteTake a look at Password Authenticated Key Exchange (PAKE) as an interesting and free alternative to SSL.
I think SSL site security is vital to practically every online site and business. Regarding cost, you should perhaps consider GlobalSign who are notably cheaper than other authorities such as VeriSign. On top of this you can visit fantastic resellers such as SSL247.co.uk who offer Low Cost SSL Certificates and all of which are at least 10% below the rrp. I hope this helps.
ReplyDeleteGoogle's initiative is definitely step in the right directin. What is now needed is for more sites to provide HTTPs and web browsers to prefer this protocol. But how can a web browser know the website suports https. What about using SRV records to indicate the availability? See my blog post (http://blog.jirasek.eu/2010/07/qualys-ssl-research-and-lessons-learned.htmlu) about it. What do you think?
ReplyDelete