Hi all

In this day and age, you should encrypt everything, not just forms. We do
for anything we implement.

Yes, there is an initial handshake to get HTTPS going, but after that the
overheads are remarkably low. E.g., from five years ago:

In January this year (2010), Gmail switched to using HTTPS for everything
by default. Previously it had been introduced as an option, but now all of
our users use HTTPS to secure their email between their browsers and
Google, all the time. In order to do this we had to deploy *no additional
machines and no special hardware*. On our production frontend machines,
SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory
per connection and less than 2% of network overhead. Many people believe
that SSL takes a lot of CPU time and we hope the above numbers (public for
the first time) will help to dispel that.

https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html


See also https://https.cio.gov/everything/ for general motivation

mark

Mark van Harmelen

phone   +44 7830 212 464
skype    markvanharmelen


On Thu, Sep 24, 2015 at 7:28 PM, Chris Spray <[log in to unmask]>
wrote:

> Hi, if it is any help, our security team/policy requires that we use https
> for all data input forms on our web pages, sensitive data or not.
>
> Chris
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues [mailto:
> [log in to unmask]] On Behalf Of Phil Bradshaw
> Sent: 24 September 2015 17:01
> To: [log in to unmask]
> Subject: [data-protection] Online complaints
>
> Early Friday question - getting in first
>
> If an organisation is dealing with sensitive issues, e.g. health, social
> services, is it acceptable to have an online complaint form which uses
> standard http protocol rather than https?
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>      All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>      If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask] All user commands
> can be found at http://www.jiscmail.ac.uk/help/commandref.htm
>  Any queries about sending or receiving messages please send to the list
> owner
>               [log in to unmask]
>   Full help Desk - please email [log in to unmask] describing your
> needs
>         To receive these emails in HTML format send the command:
>          SET data-protection HTML to [log in to unmask]
>    (all commands go to [log in to unmask] not the list please)
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^