Perhaps the main reason most of us are not using HTTPS to serve our websites is simply that it doesn't work with virtual hosts. Virtual hosts, which are what the most common cheap Web hosting providers offer, allow the Web host to serve multiple websites from the same physical server—hundreds of websites all with the same IP address. That works just fine with regular HTTP connections, but it doesn't work at all with HTTPS.
There is a way to make virtual hosting and HTTPS work together—the TLS Extensions protocol—but Lafon notes that, so far, it's only partially implemented. Of course that's not an issue for big sites, which often have entire server farms behind them. But until that spec—or something similar—is widely used, HTTPS isn't going to work for small, virtually hosted websites
http://arstechnica.com/web/news/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it.ars
No comments:
Post a Comment