Quote:
the whole website should be HTTPS encrypted. there's very little reason not to do this in 2016.
What is this little reason?
Regarding the encription: I get it for the login (which should be save anyway, otherwise we had hacked accounts all the time), account info pages and PMs; but the rest is public anyway, no? Or is it that you don't want people to know what you read on 2+2?
Quote:
Originally Posted by well named
By load I meant computational load (encrypting and decrypting) and not really bandwidth. I'm not sure the magnitude of the difference for the latter, although it's not zero. I would think most of the extra data is in the SSL handshake
All of the extra data should be in the handshake; the encoding itself is done in-place afaik.