Many people who use the web are concerned about privacy, but they are also concerned about web page load times. If improving privacy led to slower websites there might be some attrition that would turn people away from more secure sites.
Now, a new study from Eric Chan-Tin of the Department of Computer Science, at Loyola University Chicago, in Illinois, and Rakesh Ravishankar of the Computer Science Department, at Oklahoma State University, in Stillwater, USA, reveals that the average time taken to load a web page encrypted with standard certification techniques is a mere a few fractions of a second slower (12 per cent slower the load time of an unencrypted page. They explain that a standard, unencrypted page prefixed with http:// takes 2.6 seconds to load compared to the 2.9 seconds of an encrypted https:// page (the s after the http indicates to the browser and to users that the page is encrypted using TLS, transport layer security).
Given the benefits of encryption and this small compromise coupled with the fact that many browsers now flag sites that are not encrypted as not being secure, and search engines lowering the ranking of the latter, there is a need to push for https to be the default instead of http.
There have been problems with some of the certification authorities in recent years where the very core of the encryption system has been accessed by hackers. However, the team suggests that the strength of ten trusted authorities would allow 80 percent of the web to be protected. They are not advocating the use of those ten specifically but do point out that with those and an additional roster, it should be possible to secure almost the whole of the web.
Chan-Tin, E. and Ravishankar, R. (2018) ‘The case for HTTPS: measuring overhead and impact of certificate authorities‘, Int. J. Security and Networks, Vol. 13, No. 4, pp.261-269.