Or, what we might have ended up using instead of HTTPS. In some ways this is nicer than HTTPS, since it puts the key exchange in HTTP. Apparently this was killed by export restrictions on RSA, although it seems like the same thing would have stopped SSL too.

On the other hand, SSL has the advantage of keeping the encryption out of HTTP altogether. Thus keeping HTTP that much simpler, and also enable SSL to be used as a generic tunnel for other protocols as well. Remember, worse is better.