- From: timeless <timeless@gmail.com>
- Date: Tue, 21 Oct 2008 21:12:58 +0100
This is bogus. Tls supports a way to return different certs based on the name. On 10/21/08, Andy Lyttle <whatwg at phroggy.com> wrote: > 4. The need for a dedicated IP address, instead of using name-based > virtual hosts. > > That and #1 are the reasons I don't use it more. > > -- > Andy Lyttle > whatwg at phroggy.com > > > > On Oct 21, 2008, at 7:48 AM, Aaron Swartz wrote: > >>>> Some major web services redirect the user to an SSL server for >>>> the login transaction, but SSL is too expensive for the vast >>>> majority >>>> of services. >>> The issue is not SSL being expensive: the only expensive part is >> >> There are three costs to SSL: >> >> 1. Purchasing a signed cert. >> 2. Configuring the web server. >> 3. The CPU time necessary to do the encryption. >> >> 1 could be fixed by less paranoid UAs, 2 could be fixed with better >> software and SNI, and 3 could be fixed by better hardware. But, >> realistically, I don't see any of these things happening. >> >>> What's the actual difference between this and https? Both mechanisms >>> are using public-key encryption to protect the communications; the >> >> The difference is that this would work practically. Server authors >> typically can't configure, but they typically can install an >> encryption library. Support will get built into web applications and >> web application frameworks (disclosure: I'm the author of a web >> application framework) and the Web will be more secure. > > -- Sent from Gmail for mobile | mobile.google.com
Received on Tuesday, 21 October 2008 13:12:58 UTC