I am looking at forcing HTTPS encrypted access at some point. The best way probably involves using ECDSA encryption instead of RSA. Most sites, by far, use RSA. I believe Bitcoin uses ECDSA.

Advantages of ECDSA:

  • It would allow me to encrypt communications with all of my sites without having to maintain separate certificates for every site, which is a royal pain and more expensive.
  • No one has figured out how to break it, assuming it is properly configured.
  • Lower bandwidth and faster.


Disadvantages

  • The content of the communications is encrypted, but the name of the site is not -- at least in the way I would use it. I don’t think this is a great disadvantage as far as using it in a casino location, as you would expect people around a casino to be browsing sites like this.
  • ECDSA is newer and not supported by IE on Windows XP, although XP users could install Chrome. Also, the Android browsers prior to V4 don’t support it, although Tapatalk probably will with some changes. Currently, about 90% of U.S. usage is via browsers with ECDSA capability. The rest of North America, South America, Europe, Northern Africa, and Australia hover around 94%. So, we might want to wait a bit longer.


Thoughts on methodology or whether or not it makes sense at all to force access by HTTPS are welcome.
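
Added example, not part of the original post: a small Python parser for the TLS ClientHello, the first message a browser sends. It shows the two points raised under Disadvantages: the site name travels unencrypted in the server_name (SNI) extension, and the offered cipher suites reveal whether the client can accept an ECDSA certificate. The hostname `forum.example`, the helper names, and the two sample hellos are constructed for illustration. The check is simplified to TLS 1.2-style cipher suites.

```python
import struct

# ECDHE-ECDSA cipher suite IDs from the IANA registry, used here as the signal
# that a TLS 1.2 client can accept an ECDSA certificate.
ECDSA_SUITES = {0xC009, 0xC00A, 0xC023, 0xC024, 0xC02B, 0xC02C, 0xCCA9}

def build_client_hello(hostname, suites):
    """Construct a minimal TLS 1.2 ClientHello record (sample input only)."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry
    exts = struct.pack("!HH", 0, len(sni)) + sni               # extension 0 = server_name
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"                  # version, random, empty session id
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00"    # suites, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 22

def inspect_client_hello(record):
    """Return (sni_hostname or None, offers_ecdsa) from raw ClientHello bytes."""
    if len(record) < 45 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32                       # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                     # skip session id
    (cs_len,) = struct.unpack_from("!H", record, pos)
    suites = struct.unpack_from("!%dH" % (cs_len // 2), record, pos + 2)
    pos += 2 + cs_len
    pos += 1 + record[pos]                     # skip compression methods
    sni = None
    if pos < len(record):                      # extensions are optional
        (ext_total,) = struct.unpack_from("!H", record, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 0:                  # server_name: list len, type, name len, name
                (name_len,) = struct.unpack_from("!H", record, pos + 3)
                sni = record[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    return sni, any(s in ECDSA_SUITES for s in suites)

# Constructed samples: a client offering ECDSA and an RSA-only legacy client.
MODERN = build_client_hello("forum.example", [0xC02B, 0xC02F, 0x002F])
LEGACY = build_client_hello("forum.example", [0x002F, 0x0035, 0x000A])

if __name__ == "__main__":
    for label, hello in (("modern", MODERN), ("legacy", LEGACY)):
        print(label, inspect_client_hello(hello))
```

Both hellos expose the hostname in plaintext. Only the first could complete a handshake with a server that holds nothing but an ECDSA certificate.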