The HTTPS Everywhere Future

Posted on by Keefr

HTTPSLong-term, the web should all be HTTPS. Processing power is there. Bandwidth is there — even on mobile platforms.

For me, there are two big and outstanding issues to getting everything on the web moved over to secure transport — streamlining the price and procedures for transitioning http to https.

Price

There are so many sites, like all of mine, that aren’t making the owner any money and are done as hobbies, test grounds and labors of love — sometimes all three simultaneously. While https has very little downsides on the surface, you’re not going to get people running little sites to pay for a certificate. The cheapest certificate at a place like GoDaddy runs $62.99 at the time of publishing this article. This is a huge premium to a lot of site owners who are paying somewhere around that number for hosting and the domain registration.

Enter projects like Let’s Encrypt. In public beta, the project focuses on no-cost SSL certificates. They don’t have the same level of verification as a certificate you pay for, but for the majority of web sites that aren’t e-commerce, it does the job. Its downfall is the next category.

Procedure

As soon as I heard about the Let’s Encrypt project, I jumped to get my sites setup. Sadly, as it currently sits, it’s over my head — and I consider myself pretty technical when it comes to web technologies. This part will come with the Let’s Encrypt project, and others. But it’s not there yet.

Back on the more traditional SSL certificate purchasing and installation process, it’s still also pretty technical. I’ve minted many SSL certificates in my 16 years as a professional web developer, and each provider and each server is slightly different every time. This too will come.

Conclusion

Even as old and mature as the Web is, in a lot of ways, it’s still in its infancy when it comes to security. Smart people are trying to make it better. We’ll get there.

Even the U.S. government has acknowledged the need for secure web connections:
The HTTPS-Only Standard

That’s not necessarily a good thing in terms of getting this done and done right, but the acknowledgement is a positive for the fact that it’s on the radar for a lot of people.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

23 Mar
2023

Two of my favorite things in one: Back to the Future and front end development – specifically CSS. There’s no JS — even for the flux capacitor’s fluxing.

Animated CSS-Based Back to the Future Flux Capacitor

Apple Time Machine
14 Jun
2019

Like any software, Apple’s Mac OS’s Time Machine started out with pretty humble and simple beginnings and soon expanded into a better product, with more robust features, nuances, and arguably better reliability.

The History of Apple’s Time Machine

CSS Icon
09 Nov
2018

CSS Tricks continues to be my favorite and go-to for all things CSS and front-end. Years ago, I discovered the […]

Calc() CSS Function to Change Hero Height

06 Dec
2017

The latest Safari Tech preview adds the ability to have MP4s in img tags. If this catches, on it means we can keep animations on the web, but lose all the downsides of animated GIFs.

Safari Tech Preview Allows for MP4s in img tags

10 Nov
2017

Here’s a piece I wrote on my Clean dev team all attending the 2017 All Things Open Conference here in Raleigh, NC and our experiences and takeaways.

Clean Dev Team Attends All Things Open 2017 Conference

10 Jul
2017

A guy on my team today shared this, and I had to immediately share as well. Regular Expression (RegEx) is […]

Online Regular Expression Tester / Debugger