The good folks at Google are it again - this time by optimizing the establishment of SSL sessions by tweaking the client side implementation. This is yet another step towards supporting SSL-only web traffic and is another step forward.
I remember back in 2004 / 2005 only a handful financial institutions supported SSL only traffic for their entire web presence. The only one that I am personally aware of at the time was USAA which was probably cost a bit in terms of additional cpu cycles at the their end.
Now as awareness of security and privacy amongst the general public has heightened, the expectation of SSL only has expanded to include email and social sites as well. In fact, for a new site to come on line, SSL only is de jour when there is any personal information being transmitted.
Given, infrastructure support for SSL has come a long ways in the last 5 years - with all the major load balancers and routers now providing embedded accelerators easing administration while relieving the application servers of the additional workload.
Having said that, as The Register points out, SSL is not without its flaws. Though for now, it is much better than good ‘ld plain html and cookies being transmitted down the wire.