- From: Andy Lyttle <whatwg@phroggy.com>
- Date: Tue, 21 Oct 2008 10:08:03 -0700
4. The need for a dedicated IP address, instead of using name-based virtual hosts. That and #1 are the reasons I don't use it more. -- Andy Lyttle whatwg at phroggy.com On Oct 21, 2008, at 7:48 AM, Aaron Swartz wrote: >>> Some major web services redirect the user to an SSL server for >>> the login transaction, but SSL is too expensive for the vast >>> majority >>> of services. >> The issue is not SSL being expensive: the only expensive part is > > There are three costs to SSL: > > 1. Purchasing a signed cert. > 2. Configuring the web server. > 3. The CPU time necessary to do the encryption. > > 1 could be fixed by less paranoid UAs, 2 could be fixed with better > software and SNI, and 3 could be fixed by better hardware. But, > realistically, I don't see any of these things happening. > >> What's the actual difference between this and https? Both mechanisms >> are using public-key encryption to protect the communications; the > > The difference is that this would work practically. Server authors > typically can't configure, but they typically can install an > encryption library. Support will get built into web applications and > web application frameworks (disclosure: I'm the author of a web > application framework) and the Web will be more secure.
Received on Tuesday, 21 October 2008 10:08:03 UTC