This whole HTTPS and Google’s push to encrypt (or weaponize depending on your perspective) is back on people’s lips again. I’m a little late to the party of course since I have been out of the country so many times in the last three months that blogging has been a distant thought. With all of this talk, I’m left to wonder if the uproar has any merit. You’ll remember, I’ve spoken about this before; actively discussing Dave Winer’s commonly cited reason why sites don’t need to move to SSL.
I moved to encrypt cwl.cc for a number of reasons, and maintaining it has been fine and much less of a pain than you might think. I’ve had to renew and update the certificate, and it wasn’t painful enough to really complain about the process.
Well, Dave is back with a podcast and a bunch of blog posts about the subject. As I listen to this, I’m most often shaking my head. I mean, he’s clearly looking for a conspiracy angle and generally has an air of “Get off my lawn” (for Eastwood fans). But, most of this is just ranting (and hey, that’s ok).
Oh, and then he talks about how HTTPS is such a new thing, and that HTTP is being screwed with and the protocol is being “fucked with”. This is just so wrong on so many fundamental levels. On a basic level, we’re moving to a different port (443). But, what else is fundamentally changing here? Are we writing sites in some newfangled language now? And, this idea of being forced seems so dumb because I don’t see why sites don’t just offer both encrypted and non-encrypted (It is possible to fetch HTTP from my site).
He cites the idea that Google wants to move to HTTPS because it’s so highly linked to advertising revenue. Will Google ship a browser that won’t load unencrypted websites? Surely neither I nor Dave knows the answer to that question, but it seems incredibly unlikely that Google wants any large (or small) swath of the Internet to not work. Doesn’t making money with ads actually require impressions? Do you think a company that depends on websites displaying would want to stop displaying 30% of them in a browser it controls? For Dave, this idea seems reasonable.
So, Dave Winer is wrong I think. I don’t want to pick apart everything he says (some of it is whining of course), and I’ve disagreed with him before. Here again, I disagree with him on most of his ideas and crazy links to “book burning”.
The one big idea he seems to be leading himself into, but misses is web maintenance (in general). There is no fancy voodoo behind maintaining HTTP or HTTPS sites, but the very biggest problem with the web is what happens to the stuff we leave behind when we’re gone. Think about that. Your SSL certificate is going to expire, causing errors. Then, not paying your Amazon hosting bill, they’ll cut off your web host. Then, the domain renewal will expire and the domain will be passed back into the ether. The overall web in general is really shitty at keeping things around without some sort of regular maintenance.
I’d sure love someone to fix that.