Can somebody tell me why SSL is not required every where on the internet?
I understand that SSL takes up extra cpu cycles for the computation of the encrypted conversation. The days of saving CPUs are over. I have not worked on a project recently where the companies weren't afraid of spending money on more hardware either accelerators or servers. That is usually the easy part.
I think that if companies went ahead and required SSL and digital certificates for every project we would see a lot more use of the technology and better understanding. I am always surprised when I see developers afraid of SSL and with no knowledge of what is actually happening with an implementation.
I know its not a magic pill for security. I am only wondering why a technology that was patented in the 70s is still so avoided.
I think if it was the default mode on the internet we would increase understanding from the developer point of view.
More focus would hopefully drive the tools to improve. I know from experience PKI is tough to manage and can stop a system in its tracks because a certificate expires.
I feel like the magical nature of PKI and encryption keeps the tools in the stone ages as far as management.
Why does Verisign get to charge so much for certificates?