Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Re:Foreskin (Score 1) 544

Frankly the German and Dutch court systems have proven themselves more xenophobic than anything else IMHO.

However at what point did you decide to screw your wife without protection (probably multiple times) and get her pregnant without discussing what religion to raise your child in? That seems like your fail.

Jewish boy's are circumcised. Every single one. (Because if they aren't, guess what- they're not Jewish)

Happy new year.

Comment Re:Well lets see... (Score 1) 665

1) The topic at hand is the 'every webpage'- don't let dogma (even based on sound rational principles) blind you to the situation we're dealing with. That said you and I both know it's not a trivial problem for any old organization to end up with a trusted root cert in the vast majority of browsers. It is certainly less likely to occur over and over again than IPv6 to roll out or SNI support to get baked into nearly all browsers.

2&3) Go look for my posts then. I assure you I am familiar with the technologies of which you speak. There is however still a requirement of:
a) one unique layer 3 destination per hostname,
b) SNI support
c) Fancy (wildcard/SAN) certificates

Them's the facts as best I know them.

FYI *all* of the numbers you quoted are for 1k keys- which are no longer a going concern. To get 2k key performance numbers (in ideal conditions aka nothing is effed up in how they implement the chips) you can roughly divide by five so that is 15k/4k/2k respectively. And these things all cost money...

Comment Re:Well lets see... (Score 1) 665

1) You don't get the issue at all. I mean technically I'm sure you could teach the course on it, but this is a business problem not a technology problem. And yes let's all become root CAs *

2) Does it make a commodity 64bit server slow down to 100s of new connections per second? Does it do all of the things that the business needs it to do to efficiently and effectively manage and serve a rich web application? Yeah didn't think so. Guess what- SSL doesn't improve anything about the immediate end user experience or the maintainability of the site. And even Servlets don't hold a candle to asymmetric key exchanges using 2k+ keys...

3) Answered about 30 times over in the comments... Let me summarize: Because it is the only way to preserve the vanity of the experience. This is important because without it there is no need to use separate hostnames for each site.

* Lemme guess- you're the/an alpha geek wherever you are. You know why that's totally ludicrous but don't expect anyone else to- so you like to throw crap like that out to try to shut people up.

Comment Re:Well lets see... (Score 1) 665

See my above reply... I don't disagree with you, nor does it sound like you significantly disagree with me.

Group in your #1 is not so very small, and they are the ones that will freak out and tell everyone on Facebook that your site hacked their computer when they get the security popup...

In another year or two hopefully everyone will be using SNI...

Comment Re:Well lets see... (Score 1) 665

You obviously don't understand the real world well. Web sites are marketing tools. It is marketing people that decide to use a 'vanity' domain/host name. It is 'marketing' people that dictate that the site must work on everyone's computer without throwing scary messages.

1) Sure, this is a valid response. I was just pointing out that they are not, in fact, free.
2) Bullshit this is about server capacity and not primarily latency. General purpose CPUs suck at crypto. A piece of commodity hardware that could serve 10,000 requests per second can probably do about 500 2048bit key exchanges per second. And before you go off about GPUs, most servers won't be using them for SSL, and beyond that most places are moving to virtualized hardware. Defeats the purpose of virtualization when you get no VM density...
3) This is not even remotely FUD, it is FACT. There are very few organizations in the world that would write off the large swath of users whose browsers do not support SNI. There are even fewer that would accept a url that looks like they would just be using if they didn't care.

To a business a MASSIVE increase in cost, decrease in performance, and scaring off 10-20% of your most skittish users with security warnings is a HUGE problem which makes your customers feel even less secure. In reality the lack of HTTPS is something unwashed geeks worry about and 99% of customers are clueless about.

Comment Re:virtual hosts, money (Score 1) 665

The problem is that the SSL negotiation happens before the HTTP session begins so there is no Host header available when the server has to cough up a certificate.

There are really only 3 options for HTTPS virtual hosting:
1) Wildcard certificates if all the sites are in the same domain
2) SAN certificates if the certificate ifs purchased with up to 5 names on it
3) An extension to SSL called SNI that sends the host information in the SSL negotiation.

The OP is referring to the fact that SNI is far from universally supported today.

Slashdot Top Deals

To communicate is the beginning of understanding. -- AT&T