On Sun, 28 Aug 2011, Aristotle Pagaltzis wrote:
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
In January this year (2010), Gmail switched to using HTTPS for
everything by default. Previously it had been introduced as an
option, but now all of our users use HTTPS to secure their email
between their browsers and Google, all the time. In order to do
this we had to deploy *no additional machines* and *no special
hardware*. On our production frontend machines, SSL/TLS accounts
for less than 1% of the CPU load, less than 10KB of memory per
connection and less than 2% of network overhead. Many people
believe that SSL takes a lot of CPU time and we hope the above
numbers (public for the first time) will help to dispel that.
If you stop reading now you only need to remember one thing:
*SSL/TLS is not computationally expensive any more*.
[?]
Also, don't forget that we recently deployed encrypted web search
on https://encrypted.google.com. Switch your search engine!
These comments are pretty funny once you consider that you're making a
"secure" connection to an independent party who has a commercial and
fiduciary responsibility to exploit every bit of data you give them.
With friends like Google protecting your information, who needs
encryption? ;-)
--Arthur Corliss
Live Free or Die
