Slow and Steady wins the race.
Aesop, The Hare and the Tortoise
Here’s reinterpretation of the old fable. Secure and SPDY wins the web. Have you noticed that gmail is served over HTTPS and yahoo over HTTP, and yet, for all the overhead of HTTPS, gmail feels faster than yahoo mail?
Most Indian e-commerce companies have been slow to adopt SSL. And if you don’t want to, there are a plenty of reasons. In addition to the amount you pay to your CA for a certificate, SSL requires extra computing capacity and increases bandwidth used, and is likely to slow things down. Then of course, there is this issue of SSL’s model being broken, because CA authorities will satisfy anyone and everyone, for as low as $9 an year. Finally, there is this question about percieved value of SSL. Do customers really care. If repeated disclosures about companies keeping their passwords in plaintext is an indicator, it seems they don’t. Bookmyshow is another case in point.
We care about speed, and we care as much about security. And for quite some time, the two have been longer conflicting goals. Enter SPDY, and this is true no more. SPDY is a protocol being championed by Google as an improvement, a next generation HTTP that employs multiplexing and request pipelining to speed up page load times. Its now an Internet Draft, and there is a decent browser support. Google Chrome (which is more than 50% of our traffic), and Firefox, and then Opera, have all announced support.
SPDY is easy to implement, nginx SPDY support has been recently announced, and there is a good deal of browser support, yet there aren’t a lot many sites using it. Google Services like Mail, Twitter and the CDN service cloudfare are the only well known names to support it. Today, I am pleased to announce that we are supporting SPDY in our own CDN. (Yes, we use our own CDN which costs a fraction of what some of our competitors use , at half their latency. I will back this up in some future post.)
So starting today, https://www.urbantouch.com is SPDY enabled. Our tests show that it is only 30-35% slower than the HTTP version. Unlike others, we don’t restrict HTTPS to my account and checkout pages. That, according to us is the future of the web. If you shop at urbantouch.com, I encourage you to use the https version from now on.
PS: Unfortunately, there is no easily visible indication of a site being SPDY. But chrome users can head over to chrome://net-internals/#spdy and see which connections are SPDY. Open https://www.urbantouch.com in a tab , and then check that chrome link. You will see the cdn1.urbantouch.com domain in there.