Why use ssl certificates

why use ssl certificates

There are a number of reasons not to use SSL, none of which being a good reason in itself, but cumulatively they can explain a lot of things.

The main reason not to use SSL is an effect of the strongest force in the Universe, i.e. laziness. However easy setting up SSL is, not setting it up will still be easier. This alone explains why so many sites still use HTTP only, not HTTPS. A great many sites can get away with it, and not being attacked, because there just are not enough attackers around to attack every site, by a long shot (and attackers are no less lazy than everybody else).

Among other reasons, one can cite the following:

Hosting several HTTPS Web sites with distinct names on the same IP address has long been difficult, especially when the various sites don't know each other (either the server uses a certificate with all the names, but this can result in apparent and unfortunate associations, or the server relies on SNI. which does not work with Internet Explorer on WinXP).

SSL prevents some types of caching, in particular the

transparent proxying that some ISP are quite fond of. This implies extra bandwidth requirements for the server (hard data on the increase is difficult to come by, and depends on the site type; for instance, a Web-mail interface like Gmail would be unlikely to benefit from heavy caching anyway, contrary to a picture-heavy site).

In (much) older days, HTTPS Web sites were not indexed as thoroughly as non-SSL sites, resulting in a widespread idea that you get better indexing by shunning SSL (that one has been wrong for quite some time now, but old ideas are hard to eradicate).

Some people still have the feeling that SSL implies a heavy computational cost (that one isn't correct either, but still common).

As an ironic twist, some people fear that using SSL would project the impression that they do care about security, thus increasing the reputation backlash if (when) they get hacked. The idea being that if you never claim or let it believe that you ever gave any attention to the concept of security, then maybe people will be more indulgent when they discover how much indeed you disregard it.

Source: security.stackexchange.com

Category: Insurance

Similar articles: