-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <AANLkTikgDVs2zHMBzrd5dDkjsjadQVLmHjYpfjBhY+=n(a)mail.gmail.com>om>,
Aryeh Gregor <Simetrical+wikilist(a)gmail.com> wrote:
On Sun, Feb 13, 2011 at 10:14 AM, River Tarnell
<r.tarnell(a)ieee.org> wrote:
> SSL certificates aren't that cheap, but only about 8 would be needed
> (one for each project, e.g. *.wikipedia.org), so the cost isn't
> prohibitive anymore.
You'd want two per project so that
https://wikipedia.org/ works,
right? Lots of sites fail at that, but it's lame:
https://amazon.com/
That's a good point, but there's no reason for it to be required... it
really depends on whether a CA will issue an appropriate cert. A
certificate that contains
CN=*.wikipedia.org,
subjectAltName:wikipedia.org would work fine. StartSSL does include the
appropriate subjectAltName in their (non-wildcard) certs; RapidSSL does
not. I don't have a wildcard StartSSL certificate around to check.
On Sun, Feb 13, 2011 at 10:23 AM, Maury Markowitz
<maury.markowitz(a)gmail.com> wrote:
> I know local ISP's did (used to?) throttle all encrypted traffic.
> Would this fall into that category?
I'm not aware of any issue with this.
Not sure what "local" means (presumably USA? ;-) but I've never heard of
this either -- which is not to say it doesn't happen, but there's a
limit to how much ISP brokenness the WMF can reasonably work around.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (NetBSD)
iEYEARECAAYFAk1YLZIACgkQIXd7fCuc5vLvuACguVfV+ypYEhHwfmLtBwVU4Hqc
sRkAn3UIUIJDYL6B7GPdW/BTYuXm4zlA
=kS2S
-----END PGP SIGNATURE-----