I was admittedly less than enthusiastic when the news about this first brewed several months ago. I'm glad you were able to pull this particular transition off without major disruption...but HTTP is the foundation of the open web and I've been very uncomfortable with the popular charge away from it.
Right now, site authors everywhere seem to be in a mad scramble to force HTTPS on visitors because Google has been threatening to downrank their websites in search results and flag them as "insecure" or "defective" in Chrome if they don't. It's disturbing that any company, much less an advertising company with a very dubious ethical record, has that kind of power. It's also disturbing that we're heading towards a web where the authority for validating a website is placed not with the site author, not with the visitor, but in the hands of anonymous entities like "DigiCert Inc." I know nothing about.
My other major concern with HTTPS is its epidemic of backwards-incompatibility. It wouldn't be so bad if HTTPS were a stable protocol that never changed, like HTTP...or if most servers behaved as they are supposed to, and went down a list of compatible protocols (TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0, SSL 2.0) to negotiate a connection that's compatible with the client. Sadly, that's not the case: Just a few days ago, RetailWatchers rolled out an implementation of HTTPS that appears to work with TLS 1.2 only. TLS 1.2 didn't even exist in most browsers five years ago...and if you try to visit their board on the most up-to-date releases of Firefox or SeaMonkey for Windows 2000 or PPC Macs, it'll look like this:
Groceteria fortunately doesn't have the same problem...for now. But I fear that Google will decide to flex their muscles and target multiprotocol-compatible HTTPS websites next, in the interest of coercing everyone to use Chrome on Windows 10 or an Android phone.
(Anyway, my chest feels lighter now...)