-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gregory Maxwell wrote:
Anyone here have any experience with protocol relative URLs, that is URLs of the form "//some.domain.org/file.ext"? URLs of this form are uncommon but appear compliant with RFC 1808.
A possible application of protocol relative URLs for MediaWiki is that they could be used remove the problem of needing duplicate parsings of pages containing external (and cross-domain) links in order to support HTTPS. With that issue out of the way the only impediment to high performance SSL is connection setup which can be addressed with dedicated crypto cards or crypto enhanced CPUs like Ultrasparc T1/T2.
Duplicate parsing honestly isn't much of an impediment here; the primary impediment is just configuring things properly for virtual hosts and SSL proxies on the same IPs that we run non-SSL on.
eg, we want https://en.wikipedia.org/wiki/Foobar to work, which requires:
* SSL proxies in each data center * wildcart certs for each second-level domain * appropriate connection setup for the certs to work; eg one public IP per data center per second-level domain
We did some experimentation in this direction last year, but haven't really got the ball rolling yet.
- -- brion