This past weekend we ran a piece from Wired that looked at the issues surrounding unencrypted HTTP traffic and wondered why all websites don't use HTTPS by default. The article puts forth an interesting premise—the wholesale encryption of all HTTP traffic—and lists a number of reasons why this hasn’t happened yet.
The only problem is that many of these issues, mostly technical in nature, are red herrings and can be easily handled with cleverness by an engineering team focused on transmitting its entire application over an encrypted channel. The real issues begin to arise, however, when your application must include assets served by servers which also do not support SSL. We’re going to discuss some of the issues raised by the article, correct some of the more specious arguments, explain how an organization can work with the real constraints of HTTPS, and give some insight into what we consider to be the real barriers to wholesale HTTPS encryption of the Web.
Read the comments on this post
Vinessa Shaw Rebecca Romijn Nadine Velazquez Pink Mila Kunis
No comments:
Post a Comment