2015 To Be The Year Of Https Everywhere
From the looks of things 2015 is set to be the year of HTTPS everywhere (well more places than ever before).
There are several key influencers that combined will drive a significant increase in the use of HTTPS during 2015:
- The Let’s Encrypt Project
- Proposed Browsers Interface Changes
- The Ranking Factor
- SNI and Windows XP
We will look at each of these in turn but it is interesting to note that each of these except SNI are in some way a response to the ‘Snowden Revelations’.
The Let’s Encrypt Project
The Let’s Encrypt Project is an interesting project backed by a number of interesting names including the Electronic Frontier Foundation (EFF), Cisco, Mozilla and others.
Borrowing words from the projects homepage
Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.
In a nutshell it’s going to simplify setting a site up to use HTTPS and the proposed protocols are useful for both small or large sites.
For small sites the protocol will make setting up HTPPS trivial.
For larger sites the protocol can help reduce certificate validity periods which reduces the overall ‘blast radius’ of a compromised certificate.
Proposed Browsers Interface Changes
There is a proposed change been considered to change how browser interfaces communicate none-HTTPS sites to their users.
Whilst only recently proposed it appears to be a sensible approach to take and moves the web off it’s current dependence on insecure transport layer.
Sir Tim Berners-Lee has highlighted the importance of the current push to HTTPS whilst defending the original dissuasion not to include it by default at the inception of the world wide web as we know it.
The Ranking Factor
Back in August 2014 Google announced that they where going to look explicitly at HTTPS and use it as one of their raking signals.
This puts HTTPS back the radar of the army of SEO consultants.
Personally I suspect this is in response poor advice often dished in the name of SEO to shy away from HTTPS because it’s ‘slow’ which has upset engineers at Google.
As an example Ilya Grigorik (Web performance engineer & developer advocate @ Google) maintains the isTLSfastYet.com site which explains how to tune TLS (the protocol used to secure HTTPS web requests).
SNI and Windows XP
With official support for Windows XP closed in 2014 we are likely to see the existing install base continue to decline in 2015.
This is important as XP had limitations in its SSL/TLS stack including not supporting the Server Name Indication (SNI) extension.
SNI means multiple HTTPS sites can be hosted on a server with the same IP address.
Continuing to support Windows XP without the SNI extension can get costly with some providers charging monthly fees of around $600 per domain.