RE: Facebook moves to HTTPS

Like google earlier, the Facebook announcement is newsworthy mostly because of the engineering issues, more than anything. The equipment is there to handle the load (and has been for several years). 
 
So, there may be a cryptographic element in our discussions. We have to project to web size, and engineer for hardware. This means really understanding SSLs design historyL how the hardware of earlier generations impacted its re-design, the pipelining, the message pump..its integration in general into a switched data center.
 
> From: henry.story@bblfish.net
> Date: Thu, 27 Jan 2011 15:21:51 +0100
> To: public-xg-webid@w3.org
> Subject: Facebook moves to HTTPS
> 
> Kingsely Idehen made me aware that Facebook will be moving to HTTPS
> by tweeting the article 
> "Zuckerberg's Page Hacked, Now Facebook To Offer "Always On" HTTPS"
> 
> http://www.readwriteweb.com/archives/zuckerbergs_facebook_page_hacked_and_now_facebook.php
> 
> probably due to the bad publicity of tools such as Firesheep.
> 
> A Google Employee posted some information a little while ago on how
> to why SSL server side was no longer a problem in "Overclocking SSL"
> 
> http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
> 
> Peter Williams on the foaf-protocols mailing list shortly had an
> argument how Google's trick could be useful for WebID, but also
> an argument why he thought it was bad. I did not go into that
> discussion at the time, as I thought this forum would be a better
> place to have it.
> 
> So this is a note that we should look into this in more detail here.
> 
> Peter if you can copy your argument as a response to this mail, that
> would be helpful.
> 
> Henry
> 
> PS. I have added the Facebook link to the FAQ
> http://esw.w3.org/Foaf%2Bssl/FAQ#Is_SSL_not_really_expensive_server_side_to_Process.3F_To_expensive_for__Google_.3F
> 
> 
> Social Web Architect
> http://bblfish.net/
> 
>