Why isn't all IP traffic secure?

When I log in to Yahoo! mail, there is an option to log in securely. Seems like a dumb option; who wouldn’t want to log in securely? When I logged into this board, my Mozilla browser warned me I was sending unencrypted info that a third party could view. Of course, I wouldn’t be too concerned if someone found out my Straight Dope password, but an email account password would concern me. Frankly, it would seem to me that ALL internet traffic could/should be secure. Does anyone know if there is some severe limitation on secure traffic performance, or what the reason is for most traffic being insecure?

Basically, ‘more secure’ means ‘slower.’ With today’s processors, the speed hit is often unnoticeable, but it would probably be easy to detect if the entire internet were doing it at the same time.

The secure login in Yahoo means that there won’t be any cookies kept in that computer. It is used in cases where you want to see your e-mail from a friend’s computer, etc. It has nothing to do with IP traffic.

Whether you select the ‘secure’ option or not, your username and password will be transmitted encrypted (there’s a little padlock on the bottom of the browser). The rest of the session is unencrypted though. Somebody sniffing will not get your username and password, but he will be able to read the emails you open. They don’t make the whole session encrypted because of the overheads in CPU power and bandwidth.

It is more expensive to do secured traffic than unsecured traffic. Besides the processing overhead (the SDMB is slow enough already), you need to pay a trusted third party to hold your certificate. The certificate is used to ensure that the website you are visiting is the one you think it is and not someone hijacking the traffic.

I think you are mixing up your protocols. There are some protocols that operate on top of other protocols. For instance, when you log in to a secure web page, you are using the HTTPS protocol, over TCP/IP. You can also run many other protocols on top of TCP/IP… FTP, Fibre Channel, etc.

Bottom line is that there is a performance hit to use encryption when it is not necessary. Maybe you would not notice on your PC, but the server(s), serving thousands or millions of requests a day, would certainly take a performance hit.

The basic reason is that the Internet (both the original TCP/IP network and protocols on top of that like HTTP) was designed by a small group of people for a small group of people. All these people were smart, most were highly moral, and they just wanted a way to trade data. Then a bunch of other people jumped on the bandwagon and brought the scammers, spammers, sniffers and script kiddies with them. Now we can’t trust anybody and we’ve had to try to layer security on top of protocols that never gave it a passing thought. The default protocols remained unsecured because that’s faster and backward compatible with all the older apps, but it won’t be too long before all the defaults include security for all the protocols.