[OpenID] rfc2817: https vs http

Ben Laurie benl at google.com
Mon Sep 1 21:24:06 UTC 2008


On Mon, Sep 1, 2008 at 10:11 PM, IanG <iang at systemics.com> wrote:
> Ben Laurie wrote:
>> Why don't we? Cost. It takes far more tin to serve HTTPS than HTTP.
>> Even really serious modern processors can only handle a few thousand
>> new SSL sessions per second. New plaintext sessions can be dealt with
>> in their tens of thousands.
>
>
> Yes, this is conventional wisdom, but I don't see how it can pass the laugh
> test.
>
> Let's take your order of magnitude difference estimate above (thousands
> versus tens of thousands).  According to Moore's Law, etc etc, this would
> mean that the point where we can do 10x improvement needed was (latest)
> 2000, assuming 1994 start and doubling every 18 months.
>
> So in 2000, we should have all breathed a huge sigh of relief and said,
> finally, gosh, we can now do HTTPS for the bargain basement 1994 price of
> HTTP.  Thank heavens, we can be secure....

This is bollocks. The question is not whether I can out-cheap servers
I bought 10 years ago, the question is about servers I buy now. On the
other hand, I do agree, as you said wordily below (deleted), most
servers easily have the idle capacity, and it's only the big(ish)
players that have the problem. That is, anyone with more than one
tenth of one server's worth of capacity.


