You are misinformed, and arguing with Germans about what they want to allow Jews to do isn't on top of my list of things to ever in my life do.
Slashdot videos: Now with more Slashdot!
We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).
You're not a Jew, so covenants with Mountain-Jew-Gods wouldn't matter to you, and I don't think any Jew cares if non Jews get circumcised or not beyond perhaps not wanting to fuck them.
You're not a Jew, that's the important bit, no offense.
Frankly the German and Dutch court systems have proven themselves more xenophobic than anything else IMHO.
However at what point did you decide to screw your wife without protection (probably multiple times) and get her pregnant without discussing what religion to raise your child in? That seems like your fail.
Jewish boy's are circumcised. Every single one. (Because if they aren't, guess what- they're not Jewish)
Happy new year.
never got over resenting authority figures when they were 13.
That was only like a year ago, cut them some slack!
The article (I know, I must leave now) does NOT say he quit G+. It says that he along with the top Mgmt at Google all seem to have opted for tighter privacy controls overnight. The number of friends and followers can no longer be *tracked*.
Actually lets totally forget that, m'kay? Sometimes there is no need for shades of grey.
They want their homebrew computer back.
As an aside: this is obviously someone who uses a Mac to be a hipster...
1) The topic at hand is the 'every webpage'- don't let dogma (even based on sound rational principles) blind you to the situation we're dealing with. That said you and I both know it's not a trivial problem for any old organization to end up with a trusted root cert in the vast majority of browsers. It is certainly less likely to occur over and over again than IPv6 to roll out or SNI support to get baked into nearly all browsers.
2&3) Go look for my posts then. I assure you I am familiar with the technologies of which you speak. There is however still a requirement of:
a) one unique layer 3 destination per hostname,
b) SNI support
c) Fancy (wildcard/SAN) certificates
Them's the facts as best I know them.
FYI *all* of the numbers you quoted are for 1k keys- which are no longer a going concern. To get 2k key performance numbers (in ideal conditions aka nothing is effed up in how they implement the chips) you can roughly divide by five so that is 15k/4k/2k respectively. And these things all cost money...
1) You don't get the issue at all. I mean technically I'm sure you could teach the course on it, but this is a business problem not a technology problem. And yes let's all become root CAs *
2) Does it make a commodity 64bit server slow down to 100s of new connections per second? Does it do all of the things that the business needs it to do to efficiently and effectively manage and serve a rich web application? Yeah didn't think so. Guess what- SSL doesn't improve anything about the immediate end user experience or the maintainability of the site. And even Servlets don't hold a candle to asymmetric key exchanges using 2k+ keys...
3) Answered about 30 times over in the comments... Let me summarize: Because it is the only way to preserve the vanity of the experience. This is important because without it there is no need to use separate hostnames for each site.
* Lemme guess- you're the/an alpha geek wherever you are. You know why that's totally ludicrous but don't expect anyone else to- so you like to throw crap like that out to try to shut people up.
Of the dozens of organizations I deal with, not one uses StartSSL certs.
See my above reply... I don't disagree with you, nor does it sound like you significantly disagree with me.
Group in your #1 is not so very small, and they are the ones that will freak out and tell everyone on Facebook that your site hacked their computer when they get the security popup...
In another year or two hopefully everyone will be using SNI...
You obviously don't understand the real world well. Web sites are marketing tools. It is marketing people that decide to use a 'vanity' domain/host name. It is 'marketing' people that dictate that the site must work on everyone's computer without throwing scary messages.
1) Sure, this is a valid response. I was just pointing out that they are not, in fact, free.
2) Bullshit this is about server capacity and not primarily latency. General purpose CPUs suck at crypto. A piece of commodity hardware that could serve 10,000 requests per second can probably do about 500 2048bit key exchanges per second. And before you go off about GPUs, most servers won't be using them for SSL, and beyond that most places are moving to virtualized hardware. Defeats the purpose of virtualization when you get no VM density...
3) This is not even remotely FUD, it is FACT. There are very few organizations in the world that would write off the large swath of users whose browsers do not support SNI. There are even fewer that would accept a url that looks like https://support.foo.com:97863/ they would just be using https://www.foo.com/support if they didn't care.
To a business a MASSIVE increase in cost, decrease in performance, and scaring off 10-20% of your most skittish users with security warnings is a HUGE problem which makes your customers feel even less secure. In reality the lack of HTTPS is something unwashed geeks worry about and 99% of customers are clueless about.
The problem is that the SSL negotiation happens before the HTTP session begins so there is no Host header available when the server has to cough up a certificate.
There are really only 3 options for HTTPS virtual hosting:
1) Wildcard certificates if all the sites are in the same domain
2) SAN certificates if the certificate ifs purchased with up to 5 names on it
3) An extension to SSL called SNI that sends the host information in the SSL negotiation.
The OP is referring to the fact that SNI is far from universally supported today.
If this isn't a new meme I'm not aware of, my head hurts...