Paul Buchheit posted a link on FriendFeed:
Official Gmail Blog: Making security easier
July 25 at 2:54 pm - via Bookmarklet - Link
Very useful. - Patrick Kempf via twhirl
Finally! - Benedikt Koehler
why would i ever turn this on - peter
Why it took them so long. I've got that improvement (packed w/ 20 others) from Better GMail 2 FireFox extension. My favorite improvement is Folders4GMail - label/sublabel get organized as folders. - Nenad Nikolic via twhirl
Nice! At last! :) - AJ Batac
Sweeeeeeeeeeeeet! :) - JohnBfromMemphis via twhirl
Nenad: There are good reasons due to SSL performance costs, specifically latency and to some extent concurrency. You can negatively impact user experience by using SSL naively. Security-conscious users like yourself won't care about the added performance cost, but the other 99.99% will. - Steve Weis
About time!! - Susan Beebe
I wonder what Gmail is using for their SSL acceleration - AJ Batac
"don't always use https"? that doesn't make sense! now if they said "Use https every time" and "60% of the time use https every time" that would be much easier to understand... :) - David Vasileff
It should be a checkbox. As for why not use ssl -- browsers are really dumb about caching with ssl, so for people with slow, high-latency internet connections, it could be really painful. The actual computational cost of ssl isn't that big of a deal -- it's not the 90s anymore. - Paul Buchheit
@Steve I fully agree with you. It may be the case that Google needed to scale up their infrastructure prior to making HTTPS widely available as a "set-and-forget" option. This will definitely increase the number of SSL users by (at least) two orders of magnitude. Maybe they deployed an SSL server farm based on quantum cryptography? ;-) - Nenad Nikolic via twhirl
N: I doubt this will increase the number of SSL users significantly. Most people (rightly) have no idea what SSL is and will never know this option exists. Everyone reading this operates in a bubble, so we're not a typical demographic. When G enables SSL by default, that's a different story. (ps - Quantum? I'll have some of what you're drinking.) - Steve Weis
I thought the slowdown with SSL is not the encryption itself, but that each connection requires lots of overhead to negotiate. - Gabe Schaffer
@Gabe, for persistent HTTP connections, the overhead would be in encryption / decryption, right? Of course, I have no idea exactly how much that is quantitatively. - Ashwin Bharambe
@David, "Use https only when typing your password" wouldn't fit. - Bruce Lewis
If they wanted to make it easy, always https should be default. - Colby Olson
Paul, does Gmail use persistent HTTPS connections? How often are new connections made for things like new windows, attachments, graphics, etc.? - Gabe Schaffer
Great! - Daniel Schildt
About time.. Too bad it breaks the Blackberry Gmail app :( - Marc Chung
@Marc - YES! I had the same problem, but something I didn't try was turning on HTTPS on the BlackBerry App? It's in the settings "More..." then "Settings" - let me know how it works out for you and I'll turn it back on (amyers@gmail.com) - Aaron Myers
Gabe, what do you mean by "persistent"? There's all the usual HTTP keep-alive and such I'm sure, and chat does a new request maybe every minute, so there's probably almost always one or two connections from every browser. The big problem with SSL is simply that connections take a long time to establish (due to the extra round trips) and that web browsers don't properly cache https content. - Paul Buchheit