Long-term, the web should all be HTTPS. Processing power is there. Bandwidth is there — even on mobile platforms.
For me, there are two big and outstanding issues to getting everything on the web moved over to secure transport — streamlining the price and procedures for transitioning http to https.
There are so many sites, like all of mine, that aren’t making the owner any money and are done as hobbies, test grounds and labors of love — sometimes all three simultaneously. While https has very little downsides on the surface, you’re not going to get people running little sites to pay for a certificate. The cheapest certificate at a place like GoDaddy runs $62.99 at the time of publishing this article. This is a huge premium to a lot of site owners who are paying somewhere around that number for hosting and the domain registration.
Enter projects like Let’s Encrypt. In public beta, the project focuses on no-cost SSL certificates. They don’t have the same level of verification as a certificate you pay for, but for the majority of web sites that aren’t e-commerce, it does the job. Its downfall is the next category.
As soon as I heard about the Let’s Encrypt project, I jumped to get my sites setup. Sadly, as it currently sits, it’s over my head — and I consider myself pretty technical when it comes to web technologies. This part will come with the Let’s Encrypt project, and others. But it’s not there yet.
Back on the more traditional SSL certificate purchasing and installation process, it’s still also pretty technical. I’ve minted many SSL certificates in my 16 years as a professional web developer, and each provider and each server is slightly different every time. This too will come.
Even as old and mature as the Web is, in a lot of ways, it’s still in its infancy when it comes to security. Smart people are trying to make it better. We’ll get there.
Even the U.S. government has acknowledged the need for secure web connections:
The HTTPS-Only Standard
That’s not necessarily a good thing in terms of getting this done and done right, but the acknowledgement is a positive for the fact that it’s on the radar for a lot of people.