HTTPS considered harmful

If a website is served over HTTPS, this should be a good list of features to try out and improve end-user performance. Many major websites have already leveraged these technologies and have seen great results. Based on your existing infrastructure, the level of complexity for implementing each of these features may vary. But the general awareness is more important and will help us plan accordingly for the future.

At eBay, we are very excited about the possibilities that HTTPS has opened up. With the adoption of modern technologies that come with HTTPS, our web platform is now ready to build the next wave of compelling user experiences. Cheers to a secure and innovative future.

Beyond HTTPS (cache)

I strongly disagree today; it wasn’t the case six years ago. Vincent reminded me a few months ago about the inherent fragility of HTTPS and how centralized that system is. Nothing new, but sometimes you need a little discussion to realize how critical it actually is.

Encouraging everybody to switch to HTTPS promotes a strong dependency on a third-party mafia, increases load time, makes your content inaccessible if you have any trouble renewing your certificate, prevents you from migrating easily from one hosting platform to another, and forces you to upgrade for a lot more security issues if you are hosting yourself. Even worse, when you switch there is no harmless turning back! That’s not the Web I’m aiming for.

“Sharing is learning” was my conclusion at that moment. Please prove me wrong.

PS: I always dreamt about publishing a note “X considered harmful”, achievement unlocked!

Edit: see the follow-up.