nanog mailing list archives
Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Thu, 24 Jul 2008 04:05:58 -0400
On Thu, 24 Jul 2008 09:51:40 +0200 Robert Kisteleki <robert () ripe net> wrote:
> Patrick W. Gilmore wrote:
> > Anyone have a foolproof way to get grandma to always put "https://" in front of "www"?
>
> I understand this is a huge can of worms, but maybe it's time to change the default behavior of browsers from http to https...? I'm sure it's doable in FF with a simple plugin, one doesn't have to wait for FF4. (That would work for bookmarks too.)
Servers won't go along with it -- it's too expensive, both in CPU and round trips. The round trip issue affects latency, which in turn affects perceived responsiveness. This is quite definitely the reason why gmail doesn't always use https (though it, unlike some other web sites, doesn't refuse to use it).

As for CPU time -- remember that most web site visits are very short; this in turn means that you have to amortize the SSL setup expense over very few pages. I talked once with a competent system designer who really wanted to use https but couldn't -- his total system cost would have gone up by a factor of 10.

--Steve Bellovin, http://www.cs.columbia.edu/~smb