OK, I get what you're saying now.
Sadly that would be a legacy of bad coding or lack of using a proper framework on existing large sites.
Regardless, most businesses with that kind of an issue (and cash) would likely have an SSL certificate already, and have some developers working on ensuring that nothing gets broken when they redirect it to https://
If not, they have dinosaur systems that need to be written from scratch again.
You misunderstand me, or perhaps I didn't make it clear enough. What I'm saying has nothing to do with coding standards or even performance.
I'm commenting on the move to switch the whole web to HTTPS.
Websites that handle millions of pageviews and transactions worldwide have complex hosting needs. To put it in perspective an online store that a top retailer like Nike runs in Australia is tiny in comparison, but still a decent account.
Yes there is already SSL in place in places for these sites, but you can't just change a config setting and redirect all pages on these types of sites. There are all types of issues to consider.
I'm fortunate enough to sit in meetings with arguably some of the most talented network engineers in the country. As I said I don't profess to know about these things, in fact my eyes glaze over most of the time.. but I do know how to write good code for web applications and it has nothing to do with that.
In this instance, to switch the whole site to a wild card SSL is a significant amount of work for everyone involved and there are many stake holders (network providers, hosting partner, web and app development teams, QA etc). The change also carries significant risk for the organisation.
So even with good resources the commerical reality of the situation means that we need to plan for it months ahead. I am sure we are not alone
So my point is it's not so easy for large websites to switch over to 100% secure. If it was we'd have done it already.
----
Back to the topic at hand. I agree that these certs won't replace the need for existing ones, but will go along way towards removing the use of self signed certs and help secure sites that are currently unsecure.
Considering the scale of meta data mining that's currently going on I'm all for it.