The Move to HTTPS…There is Good and Bad


Adding one little letter should be easy!!

Adding one little letter should be easy!!

There is a large push for all websites to move to HTTPS, instead of the traditional HTTP. Although there is just one letter difference, it’s a big move…ultimately affecting 10’s of thousands of websites, including the one you are reading now.

Why the big push? Security!!  (Hence the letter “S” in HTTPS.) Is this really necessary? Do readers care if my static website blogs are sent in plain text? Should I have to worry about fixing a BUNCH of links in my website? Ugh…and it begs the question…is it even worth trying to fix?

I could write a large blog on the pros and cons of HTTPS, but I don’t have the time or energy, and I doubt it would be that good. However, Ars Technica already did…today in fact. I would encourage you to read HTTPS is not a magic bullet for Web security, by Scott Gilbertson! He did a great job of detailing out the reasons for the move to HTTPS, as well as reasons not too….it will make you think.

As for me…I have a feeling I will be moving to HTTPS one of these days. Probably sooner rather than later.

And…let’s be kind to one another.

2 thoughts on “The Move to HTTPS…There is Good and Bad

  1. Shane Killen

    Interesting subject for sure. This will also begin the question of whether to inspect outgoing HTTPS, which a lot of companies are not doing. I know Check Point, Palo Alto, etc have the capability to do so, but once you turn on HTTPS inspection, it directly affects the performance of the box. So, IF everyone starts to move to HTTPS on their websites, then HTTPS inspection for leaving company traffic will be a “have to”, which leads to other decisions the IT department will have to make. Such as can the firewall handle the performance hit, etc, etc.
    Interesting post for sure. Thanks for bringing this up.

    1. sr71rocks Post author

      Yep, good point Shane. We just recently rolled out HTTPS inspection utilizing a solution from Websense. It is NOT a simple “check box” and forget about it…you have to be careful about what you do inspect, and what not to inspect (such as banking, etc). It was a pain to setup and get fine-tuned, plus there are a number of sites that just do not play well with mid-stream inspection. We checked several different solutions, and they all seem to have the same complexities. Ugh…some days I miss the plain, static, websites of the mid-90’s.

Comments are closed.