I’m trying to figure out Mozilla’s reasoning for attempting to move to SSL everywhere.
I don’t buy their justification that it is to make users more secure. This is only a marginal concern for them I believe.
My guess is that since SSL and setting it up is rather difficult (and impossible for the average user) that it’s a covert attempt to make it harder for non-advanced users to avoid cloud services and large corporations. It’s an effort to push more people into NSA-friendly data centers and cloud “solutions.”
Having wasted too much of my life on dealing with SSL and its issues as an IT professional, I can tell you that the average user stands no chance of configuring it correctly.
So they won’t bother.
Not everything needs to be encrypted. It often offers no benefit and only additional complexity and compute overhead (and it’s therefore slower), but like IPv6 it’s something pushed by clueless engineeritis infectees despite being the wrong solution to an irrelevant problem. In most cases, anyway.
One of the benefits of the web — and what caused it to grow so explosively — was its openness and just how easy it was.
Requiring HTTPS everywhere is yet another step in the long path to destroy all that.