by daxterspeed 2458 days ago
It's likely that the Chrome team has plans to eventually assume https by default, given that they've outlined their plans to mark http as insecure on connect[0] (rather than on input).

The move would likely have to be coordinated among the browser vendors, but it wouldn't surprise me if Apple decides to lead the charge on this one. All iPhones being https by default would put a massive demand on crappy systems that assume they can mitm users.

0: http://www.chromium.org/Home/chromium-security/marking-http-...

1 comments

I think it's clear that everyone would like HTTPS-by-default, it's just a question of how to do it in a way that doesn't cause a massively degraded user-experience in the short term and still provides security gains (racing the two gets around the UX problem, but provides no security benefit). We might see something whereby we use HTTPS if the hostname has previously been connected to over HTTPS (even without HSTS).