Reply to post: Half and Half

Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January

Dwarf

Half and Half

I kind of agree with the concept, but I disagree with the proposed enforcement.

1. Google doesn't define the Internet standards, that's what the RFCs and standards bodies are for. Both HTTP and HTTPS are valid standards.

2. Not everything needs HTTPS. The webmaster will know what their data is and its value. For example, public data is already public, so why hide it during transmission?

3. Not every webmaster will understand HTTPS, so the risk of badly configured SSL will be higher.

4. This will bring extra cost and management overhead, which will be unwelcome for those who run small sites on low budgets (personal blogs and micro-sites etc).

5. I expect that there will be many expired certificate warnings exactly 1 and 2 years after they switch this on?

6. Hosting companies will charge extra as they will get a higher CPU load dealing with the encryption in software, which means lower consolidation densities.

7. Adding HTTPS to a badly configured server doesn't make the information within it secure, so claiming the site is "secure" is misleading, as is claiming that a site hosting public info is insecure just because it runs over HTTP.

Obligatory link to the Qualys SSL checker

I wonder how many "ordinary webmasters" would know what to do about the deficiencies stated for a specific site. Suddenly the knowledge bar just got a lot higher. Many won't spend the time to learn and fix, they will just stop when Google says "Green Circle".
