Ivan Ristic of SSL Labs, a research division of Qualys, talks about web security and endorses Google’s new SPDY protocol, which improves performance and is secure by default.  Ristic emphasizes security should be by default, and not susceptible to mistakes by administrators and developers.   He backs the idea that all web transactions should be done over SSL, and points out that often sites that use SSL fail to ensure the cookies are secure as well, often entirely defeating the purpose of using SSL in the first place.