Full Disclosure mailing list archives
Re: The Cookie Tools v0.3 -- first public release
From: Andrew Farmer <andfarm () gmail com>
Date: Mon, 10 Dec 2007 19:20:22 -0800
On 10 Dec 07, at 05:45, michele dallachiesa wrote:
why HTTPS is not the default in this type of services? this is a big silent hole. maybe, today is less silent :)
The short version is "because hosting things with SSL is still hard". There's a few things which are significantly holding back the move to SSL web servers. They include: * Every domain hosted with SSL must have a dedicated IP address. This basically rules out any form of shared hosting. * SSL certificates don't come cheap. $50 seems like the low end right now, and the really big names (like Verisign or Thawte) charge several times that. * Many common load-balancing products only work with unencrypted HTTP. Furthermore, SSL places a much higher load on the server. Some of these things are set to change - for example, SNI is set to fix the first one. However, it's only just becoming available; it'll be a while before it can be relied on in production systems. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- The Cookie Tools v0.3 -- first public release michele dallachiesa (Dec 10)
- Re: The Cookie Tools v0.3 -- first public release Andrew Farmer (Dec 10)
- Re: The Cookie Tools v0.3 -- first public release Jason (Dec 10)
- Re: The Cookie Tools v0.3 -- first public release coderman (Dec 10)
- Re: The Cookie Tools v0.3 -- first public release Andrew Farmer (Dec 10)