Time to warm up our SSL certs?
QuoteGoogle Weighs Boosting Encrypted Sites in Its Search Algorithm (http://blogs.wsj.com/digits/2014/04/14/google-may-push-sites-to-use-encryption/)
Danny Sullivan, editor of Search Engine Land and host of the conference where Cutts voiced support for encryption, thinks Google ultimately may not favor encrypted sites in its results.
"Rewarding sites for [encrypting pages] in the algorithm would be a huge step," says Sullivan. "It also possibly causes an immediate change by all the wrong sites," he says referring to sites that focus more on gaming Google results than developing good content.
Doesn't make much sense for any site that doesn't require to be logged in, like that article. Still, it'd take away all that nice data that ISPs have about browsing habits...
I don't think there's a compelling argument to encourage the entire web to be behind encryption. For me it'd be interesting to know how much more load it puts on clients & servers.
I think it's premature, but new protocols either require TLS as part of the protocol (SPDY) or require it as a practical matter to avoid issues when passing through legacy switches (HTTP2).
Both SPDY and HTTP2 dramatically lower the cost of secure connections. I don't know if either of those will become popular, but I'm fairly sure that whatever eventually displaces HTTP 1.1 will make secure connections cheap.
As to your question, I found this article while looking into SPDY and I think it touches nicely on the issue of TLS overhead. It's about running SPDY on nginx, so it's maybe not the best answer to your question, but it's an interesting read in its own right. He links to other articles about TLS overhead, but that wasn't *my* question, so I didn't read through to those.
https://thethemefoundry.com/blog/why-we-dont-use-a-cdn-spdy-ssl/
This is an interesting discussion of the costs of ssl, but again only WRT SPDY
https://groups.google.com/forum/#!topic/spdy-dev/6H4llNox1u4
Quote from: BoL on April 15, 2014, 12:30:30 AM
Doesn't make much sense for any site that doesn't require to be logged in, like that article. Still, it'd take away all that nice data that ISPs have about browsing habits...
I don't think there's a compelling argument to encourage the entire web to be behind encryption. For me it'd be interesting to know how much more load it puts on clients & servers.
Not a lot :
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html