
[whatwg] fixing the authentication problem

From: Andy Lyttle <whatwg@phroggy.com>
Date: Tue, 21 Oct 2008 10:08:03 -0700
Message-ID: <557ABEC9-6668-4C0C-96CC-69D392E37071@phroggy.com>
4. The need for a dedicated IP address, instead of using name-based  
virtual hosts.

That and #1 are the reasons I don't use it more.

-- 
Andy Lyttle
whatwg at phroggy.com



On Oct 21, 2008, at 7:48 AM, Aaron Swartz wrote:

>>> Some major web services redirect the user to an SSL server for
>>> the login transaction, but SSL is too expensive for the vast
>>> majority of services.
>> The issue is not SSL being expensive: the only expensive part is
>
> There are three costs to SSL:
>
> 1. Purchasing a signed cert.
> 2. Configuring the web server.
> 3. The CPU time necessary to do the encryption.
>
> 1 could be fixed by less paranoid UAs, 2 could be fixed with better
> software and SNI, and 3 could be fixed by better hardware. But,
> realistically, I don't see any of these things happening.
>
>> What's the actual difference between this and https? Both mechanisms
>> are using public-key encryption to protect the communications; the
>
> The difference is that this would work practically. Server authors
> typically can't configure, but they typically can install an
> encryption library. Support will get built into web applications and
> web application frameworks (disclosure: I'm the author of a web
> application framework) and the Web will be more secure.
Received on Tuesday, 21 October 2008 10:08:03 UTC
