The case for HTTPS: measuring overhead and impact of certificate authorities Online publication date: Mon, 01-Oct-2018
by Eric Chan-Tin; Rakesh Ravishankar
International Journal of Security and Networks (IJSN), Vol. 13, No. 4, 2018
Abstract: The popularity of the web is indisputable. With revelations about mass surveillance, the use of secure web through TLS connections is needed for privacy. However, the pushback against enabling secure web connections by default is due to increase in communication time. We quantify the communication time for HTTP and HTTPS download times for the most popular websites. The average download time over a HTTP connection is 2.604 seconds while the average download time over a HTTPS connection is 2.937 seconds. The overhead in using encryption is 333 milliseconds (about three roundtrip times on the internet) or 333/2,604 = 12.78%. We thus make the case that HTTPS should be enabled by default due to the low communications overhead. With the recent hacks at certificate authorities, we also quantify which certificate authorities are most popular on the internet. By trusting ten certificate authorities, a web browser can access almost 80% of HTTPS websites.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Security and Networks (IJSN):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com