Adam Langley, an engineer on Google’s Chrome team, wrote a blog post last summer titled Overclocking SSL. Adam argues that on today’s hardware, SSL connections are not computationally expensive, and showed us some statistics from GMail’s switch to HTTPS by default. He doesn’t go so far as to outright encourage other sites to do the same for their users, but the message is strongly implied.
Last week, Lori MacVittie of F5 wrote a blog post (which was at least partially a response to Adam’s post) entitled Dispelling the New SSL Myth, in which she argues that SSL is only inexpensive if you use 1024-bit certificates and easier-to-crack ciphers like RC4. She also goes on to mention the other costs of SSL: certificate costs, loss of protocol transparency (and thus the ability to route/block traffic), and logistics such as virtual hosting problems with SSL (even though this last problem has been partly fixed by SNI).
Yesterday, Adam responded with another post, Still not computationally expensive. He makes some good observations about Lori’s points, and then points out why 1024-bit keys and RC4 are good enough for most sites - especially considering the expense of cracking them when compared to other avenues of attack.
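As an added example (my own script, not code from Adam’s or Lori’s posts), here is a small timing harness that makes the key-size side of the argument concrete: it measures a pure-Python modular exponentiation, the operation that dominates the server’s RSA private-key step in an SSL handshake, at 1024 and 2048 bits. The operands are constructed random numbers of the right width, not real keys, and the function names are my own.

```python
import random
import time

# Constructed example: time pow(base, exponent, modulus) at RSA-like sizes.
# The operands are random odd numbers of the given width, not real RSA keys;
# the cost scales the same way (roughly cubically in the modulus size), so
# the ratio between sizes is what matters, not the absolute numbers.

def _random_operands(bits: int, seed: int = 1) -> tuple[int, int, int]:
    """Deterministic base, exponent and modulus, each exactly `bits` wide."""
    rng = random.Random(seed)
    top = 1 << (bits - 1)
    modulus = rng.getrandbits(bits) | top | 1    # full width, odd
    exponent = rng.getrandbits(bits) | top | 1   # full width, like a private exponent
    base = rng.getrandbits(bits) % modulus
    return base, exponent, modulus

def modexp_seconds(bits: int, reps: int = 5) -> float:
    """Best-of-`reps` wall time for one modular exponentiation at this size."""
    base, exponent, modulus = _random_operands(bits)
    best = float("inf")
    for _ in range(reps):
        start = time.perf_counter()
        pow(base, exponent, modulus)
        best = min(best, time.perf_counter() - start)
    return best

def modexp_cost_ratio(small_bits: int = 1024, large_bits: int = 2048,
                      reps: int = 5) -> float:
    """How many times costlier the larger key size is than the smaller one."""
    return modexp_seconds(large_bits, reps) / modexp_seconds(small_bits, reps)

if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(f"{bits}-bit modexp: {modexp_seconds(bits) * 1000:.2f} ms")
    print(f"2048-bit vs 1024-bit cost ratio: {modexp_cost_ratio():.1f}x")
```

Doubling the modulus size comes out several times costlier per operation, which is the scaling behind Lori’s key-size point; a real server uses the CRT optimization and native code, so absolute figures differ, but the ratio between key sizes does not.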
While it’s interesting to watch this back-and-forth, I sincerely hope people pay more attention to Adam’s posts. At best, Lori’s points sound like she’s arguing that no solution is better than a most-of-the-way solution. At worst, it sounds like she’s saying that SSL isn’t worth it without F5’s products. Three months after Firesheep embarrassed Amazon, Facebook, and other websites containing users’ personal information, that kind of stance just harms the internet as a whole.