-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
In article AANLkTikgDVs2zHMBzrd5dDkjsjadQVLmHjYpfjBhY+=n@mail.gmail.com, Aryeh Gregor Simetrical+wikilist@gmail.com wrote:
On Sun, Feb 13, 2011 at 10:14 AM, River Tarnell r.tarnell@ieee.org wrote:
SSL certificates aren't that cheap, but only about 8 would be needed (one for each project, e.g. *.wikipedia.org), so the cost isn't prohibitive anymore.
You'd want two per project so that https://wikipedia.org/ works, right? Lots of sites fail at that, but it's lame: https://amazon.com/
That's a good point, but there's no reason for it to be required... it really depends on whether a CA will issue an appropriate cert. A certificate that contains CN=*.wikipedia.org, subjectAltName:wikipedia.org would work fine. StartSSL does include the appropriate subjectAltName in their (non-wildcard) certs; RapidSSL does not. I don't have a wildcard StartSSL certificate around to check.
On Sun, Feb 13, 2011 at 10:23 AM, Maury Markowitz maury.markowitz@gmail.com wrote:
I know local ISP's did (used to?) throttle all encrypted traffic. Would this fall into that category?
I'm not aware of any issue with this.
Not sure what "local" means (presumably USA? ;-) but I've never heard of this either -- which is not to say it doesn't happen, but there's a limit to how much ISP brokenness the WMF can reasonably work around.
- river.