"There seems to be strong consensus to increase the use of encryption on the Web, but there is less agreement about how to go about this," Mark Nottingham, chair of the HTTPbis working group, wrote in Wednesday's letter. (HTTPbis roughly translates to "HTTP again.")

Make web servers https by default?

And access control through dynamically provisioned, mutual authentication!  Hey, that's Encryptanet! ;-)

https isn't really secure... with specialized hardware, it can be (and is) broken transparently inline.

Make https secure by default? Or is it vulnerable to those specialized hardware attacks no matter what?

anything that can be encrypted on the fly can now be decrypted on the fly with a good video card.   The only way to cryptographically secure anything is use a very computationally expensive algorithm.