4. The need for a dedicated IP address, instead of using name-based
virtual hosts.
That and #1 are the reasons I don't use it more.
--
Andy Lyttle
[EMAIL PROTECTED]
On Oct 21, 2008, at 7:48 AM, Aaron Swartz wrote:
Some major web services redirect the user to an SSL server for
the login transaction, but SSL is too expensive for the vast
majority
of services.
The issue is not SSL being expensive: the only expensive part is
There are three costs to SSL:
1. Purchasing a signed cert.
2. Configuring the web server.
3. The CPU time necessary to do the encryption.
1 could be fixed by less paranoid UAs, 2 could be fixed with better
software and SNI, and 3 could be fixed by better hardware. But,
realistically, I don't see any of these things happening.
What's the actual difference between this and https? Both mechanisms
are using public-key encryption to protect the communications; the
The difference is that this would work practically. Server authors
typically can't configure, but they typically can install an
encryption library. Support will get built into web applications and
web application frameworks (disclosure: I'm the author of a web
application framework) and the Web will be more secure.
