Luis, I concur with Sean.
Here's some stats on use of https:
And here's a comment from fellow group member Luis Carmona:
"You can use self signed certificate or one that comes with the hardware. You just get a warning when you access the device that the certificate is not from "a trusted authority". That means it can be spoofed by interception- the "man in the middle" attack. You can get registered certificates from most Internet registrars like Network Solutions, GoDaddy and Verisign, etc.
I doubt the overhead is noticeable with today's hardware, so I don't see it causing slower access.
The lack of HTTPS support is again one of those oxymorons for the security industry and where there industry really lags in modern computer and network concepts."
And here's a comment from Brian Karas at VideoIQ:
"Our cameras support HTTP and HTTPS options (it's in one mode or the other, you can't have "mixed" support). I'd say HTTPS is used maybe 10% of the time, and even then probably only because it's just a checkbox to enable it.
IME, people who *really* want data encryption control implement VPNs, and in many cases limit source IPs so that the camera is not discoverable from the public Internet in the first place."
And another from him:
"It just seems like certain customers or integrators have a healthy paranoia and implement HTTPS or VPN's as a matter of course."
Here's Wagner, a VMS developer commenting on Axis's support:
"Axis cameras support RTSP over HTTP method to stream data, so turning on HTTPS in this case will make the video to be sent over this "secure" channel. But that couldn't be true for other vendors, where the video could still be streamed over a plain RTSP connection."
And finally here's a technical note on implementing https with Axis cameras and Aimetis VMS, a seemingly time consuming process.