Technical Limitation Prevents Blanket SSL - Response to SecurityNow #198

I often write in to Steve Gibson to ask questions, provide feedback, or just rant about a security topic. While I have received responses a few times, most go unnoticed due to the volume of feedback Steve receives, so I've decided to repost all my feedback to Steve here on my blog.

In response to a comment by Shawn Polson of Middletown, Delaware, Steve and Leo revisit the idea of encrypting all network connections. Shawn states that SSL shouldn't be used everywhere for efficiency reasons, since SSL connections are cached neither locally nor by proxies. While he makes a good point, Shawn's objection is not a technical limitation but an economic one: a matter of bandwidth. Steve and Leo go on to clarify that their point is more of a general wish that all connections for email, web, etc. are encrypted, not specifically over SSL. I agree that all connections should be secure, and Shawn is also right that there will be a bandwidth hit if content is not cached. With that said, I think it should be noted that there is also a technical reason why you can't enable SSL on every site, and it has to do with a limitation of name-based virtual hosts.

SSL breaks name-based virtual hosts

Name-based virtual hosting is a very popular web server feature that allows multiple website domains to share a single IP address and port. For example, http://kylehasegawa.com and http://twitmap.org are on the same IP address. This is an important feature for hosting, since 32-bit IP addresses are in short supply. It works like this: when a request arrives for a specific site, the web server reads the domain name from the HTTP Host header and then serves the web page configured for that name. The problem is that SSL and name-based virtual hosts are incompatible due to the nature of SSL. When SSL is used, the server must complete the SSL handshake, including presenting a certificate, before it can read any HTTP headers, so it serves the default virtual host instead of the requested one. Since the number of domains on the web is constantly growing and the number of IPs is static, it's technically impossible to encrypt all web connections using current web protocols.
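To make the ordering problem concrete, here is an added toy model (not code from the post or from any real web server) of a server that routes by Host header over plain HTTP but, under the post's premise that the handshake carries nothing but the accepted ip:port, can only pick the default site when the connection is SSL. The site names, address, paths and certificate file names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VHost:
    name: str     # the domain this virtual host answers for
    docroot: str  # constructed path to its content
    cert: str     # constructed certificate file presented on SSL

# Two sites sharing one address and port (constructed values); the first
# entry is the default virtual host, as in a typical server config.
SHARED_IP = "192.0.2.10"
VHOSTS = [
    VHost("kylehasegawa.com", "/srv/kyle", "kylehasegawa.com.crt"),
    VHost("twitmap.org", "/srv/twitmap", "twitmap.org.crt"),
]

def host_from_request(raw: bytes) -> Optional[str]:
    """Extract the Host header from a plaintext HTTP/1.1 request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            # Header names are case-insensitive; drop any :port suffix.
            return value.strip().split(":", 1)[0].lower()
    return None

def pick_vhost_http(raw: bytes) -> VHost:
    """Plain HTTP: the Host header is readable, so route by name."""
    host = host_from_request(raw)
    for vh in VHOSTS:
        if vh.name == host:
            return vh
    return VHOSTS[0]  # missing or unknown Host -> default virtual host

def pick_vhost_ssl(ip: str, port: int) -> VHost:
    """SSL: the certificate is chosen during the handshake, before the first
    encrypted byte of HTTP (and its Host header) can be read. Under the
    post's premise the server knows only the socket it accepted on, so every
    domain sharing that ip:port gets the default virtual host's certificate
    and content."""
    if (ip, port) != (SHARED_IP, 443):
        raise ValueError("no SSL virtual host bound to %s:%d" % (ip, port))
    return VHOSTS[0]

if __name__ == "__main__":
    req = b"GET / HTTP/1.1\r\nHost: twitmap.org\r\n\r\n"
    print("http  ->", pick_vhost_http(req).name)            # twitmap.org
    print("https ->", pick_vhost_ssl(SHARED_IP, 443).name)  # kylehasegawa.com
```

Run it and the same request for twitmap.org lands on the right site over HTTP but on kylehasegawa.com's certificate and content over SSL, which is the failure the post describes.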

All code on this site is free for use at your own risk and provided as-is under the WTFPL license unless otherwise stated. Attribution is appreciated but not required.
Blog content, with the exception of externally quoted material, is licensed under the Creative Commons Attribution 3.0 license