> As for the argument about "TLS everywhere", you have to ask who is 
> going to pay for it. The end-user cannot demand it; only the server 
> can. TLS is universally available today, and servers rarely use it 
> for anything other than getting credit cards or passwords.

Servers do not use it for everything because the cost of using TLS
with X.509 certificates from an entity such as Verisign is on the
order of $700 per server per year per hostname.  Why should anyone be
required to pay such an outrageous tax simply to be able to protect
their home photo collection from being tampered with in transit to 
a visitor's browser?

Granted, we could all become our own CAs, but that scares end users
and reduces the trust model because we don't want to train users to
accept a new CA cert from every site they go to.  




 Jeffrey Altman * Sr.Software Designer      C-Kermit 7.1 Alpha available
 The Kermit Project @ Columbia University   includes Secure Telnet and FTP
 http://www.kermit-project.org/             using Kerberos, SRP, and 
 [EMAIL PROTECTED]          OpenSSL.  SSH soon to follow.
