[kristofferR]

That's a shame, since S+M has the potential to become the true next-gen HTTP, an improvement for everyone, while SPDY only is useful for "the elite" websites who has purchased a SSL certificate.

Most small websites with no need for SSL, unless they're hosted on a service like Tumblr or Webly, will be stuck on HTTP 1.1 "forever". It sucks that independently hosted "real" websites will have a technological disadvantage to websites hosted on third-party services unless they're willing to shell out a not insignificant amount of money ($15+ USD per year per site).

[mike-cardwell]

Personally, I'm glad that SPDY is providing an incentive for people to use SSL.

Also, just because SSL costs money today (it doesn't if you use startssl.com), doesn't mean it will continue to do so into the future. DANE (once the spec is finalised) will allow people to store fingerprints of their SSL certs in DNS records, signed using DNSSEC. This will remove the existing CAs from the loop.

[kristofferR]

Cool, I hadn't heard about DANE/DNSSEC. How automated will the process be?

I hope you don't have to apply/renew it manually. Buying a SSL certificate and installing it was a hassle even for me (a geek), it would have been horrible for a normal website owner.