"Would not have been possible" - Even if that is true, it doesn't mean TLS is foolproof or efficient.
Is there really anything to attack on every single website though? That is worth the overhead? That is the point I'm trying to get across.
It depends. If a user (or a company) is a victim of targeted attack all their http connections to outside world could be manipulated by MITM. This would be harder to achieve if all traffic would be https instead of http. OTOH such attacker could probably easily use stolen certificates to try to hide their MITM actions. Encrypting all traffic would raise a bar for agencies that try to carry out mass surveillance. Is it worth? I don't know, you tell me. EDIT: I also found out this on EFF site: https://www.eff.org/https-everywher...te-to-support-HTTPS-compared-to-regular-HTTP?
Yep, https adds very little to overhead. I think its mostly lazy website admins that don't want to mess with setting it up, and that isn't too tough either.
U.S. asks China to investigate cyber attack targeting U.S. sites http://whtc.com/news/articles/2015/...a-cyberattack-on-internet-content-state-dept/