So 2015 will be the year of HTTPs/SSL/TLS. Chromium, the project behind Chrome, is making plans to mark HTTP connections as “non-secure” .
We propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security. – Chrome Security Team
If Eff.org’s efforts to offer free SSL certificates pays of, the step to change HTTP to HTTPs for site owners may be just a little smaller. But running an HTTPs site is not without dangers , as bad implementations can knock your site offline.
This move seems to fit Chrome’s plan to push the SPDY/HTTP2 forward, as it’s built on TLS connections. But at what cost?