Don't know.
But you can go to https://www.startssl.com/ and get the same 'domain-validation' service for free. :-)
That is why people in the know say EV-certificates (green bar, hopefully proper verification of organisation) are still useful.
Yes I want DNSSEC, it will however take years.
It is now slowly spreading over the TLDs, 20% of the TLDs now have or will soon have DNSSEC support. That 20% is the 20% of the most important/largest TLDs like .net, .com, .org and .info. So probably in practice more than 50% can soon be signed.
The domain name providers and hosting providers are slowly starting to support it or have something in testing and so on.
It would be good if the access-providers and organisations like OpenDNS would support it, but at least OpenDNS does not seem to be interested.
But if you want it to work for the user to be able to use it to verify it in the browser, we'll need the operating systems to support it; I think recent Linux distributions support it and Windows 7.
Some DSL-/cable-/SOHO-routers block DNSSEC or don't allow the fallback to work, so they need to be fixed.
Also the protocol needs to be there and the browsers need to support it. There is an old RFC which might apply for this, but there seems to be some discussion if that is the right solution.
The computer needs to be on the correct time, not like with HTTPS where it can be off a few months and it might work. But more correct within minutes.
When all this exists, yes we can use it for that.
There are also some fallback proposals discussed, but nothing which has 'industry support' (whatever that means). Actually DNSSEC doesn't have that, some people think DNSSEC gives too much more to the root (thus the US government) and so on. I think the solution for that might be to move that to Switzerland and make it independent like some other organisations.
Or does it have something to do with the combining of words to make a new one ?
German and Dutch are very much related.
But do tell me what is special about the word: webstandards ?
I mean, no pop-up asking you to log in. It will automatically log in with the current user of the domain.
But now that I think about it, it probably does.
But Firefox can do it for websites outside of the domain too, like IE.
Like hosted Sharepoint or something like that.
Well, Microsoft is one of the biggest investors of ZDNET, I mean advertisers.
He, he. I think that is about right.
Yeah, I had a fever that day. It was 40 degrees C ( 104 F ) and thus got a bit lazy.
Also English is not my first language, Dutch is.
I'm sure you can find many more mistakes in my English, I make quite a few comments on Slashdot.
But Firefox supports auto-login like IE.
Chrome, Safari and Opera do not.
"Firefox probably popped up and said 4 is available and people clicked okay."
No, not yet. Unless they were running Firefox 4 beta, release candidate or something like that.
They will wait a few days (maybe weeks) before doing that. The more problems that can be found/fixed in a short time before they go from 12 to 400 million could be beneficial for the people in the second adoption 'wave'. They might even do a point release first if they find something nasty.
Although with the many betas and the release candidates and having more people use Firefox 4 betas than IE9-final is being used now, I doubt the issues will be big enough.
Although there was an SSL-certificate security issue, maybe that means there will be a Firefox 4 update anyway ?
I don't know where that 10ms comes from, maybe processing on the server in 1999 ? It is not one value.
It very much depends on how close you are to the server. If the server is in Europe and you are in Australia it will be a lot worse, SSL adds a number of round trips at the start and as a user that means nothing will be displayed in that time.
Also Google uses SPDY and other tricks like False-Start to make Chrome load Gmail faster.
Actually if all browsers and servers would implement SPDY with SSL (actually TLS of course) then whole pages would load faster than current use of HTTP.
Maybe they want to charge extra for the certificate on top of what they paid for the cert (not talking about admin/setup costs).
Because that is exactly what happens.
Would it not be a bit strange if the certificate of www.bankofamerica.com also had a name like www.danniesbikeshop.com in it ?
So it usually is only useful if it is for the same organisation.
Many are already building phone apps based on webstandards like HTML5, CSS, JS, SVG(filters). Have a look at things like PhoneGap which gives a webstandards based app access to your device (like the addressbook if you want it to). Also the developer doesn't need to reupload the app to the appstore each time. The developer can just use the HTML5-features to update the HTML/JS/CSS from a website.
So that could be the solution.
Facebook ? I don't know, I don't live in the US where it seems to have had a bigger impact. But I've never seen anything on Facebook which I would like to see in my Google searches.
Yeah there is a lot of 'administrative overhead' involved with certs.
For some CA I'm sure if you pay that CA enough they'll probably solve that for you in any way you want it.
Actually Microsoft IIS does support it, there is just no GUI for it. ;-)
It is not an issue because it is free:
http://www.startssl.com/
1. SSL certificates are free, just look at StartSSL.
I wouldn't say it's XP's fault. Maybe XP's popularity or Microsoft's fault for not rolling it into one of the service packs (SP2b, SP2c as they are called on Wikipedia or SP3 were all released after Windows Vista which does not suffer from the mistake).
But what reason is there to use self-signed if you can get certificates for free ?
(hint: startssl)
What is your problem then ? Price ? That problem was solved last year when Opera added the root certificate for the free certificates from https://www.startssl.com/
Some people like StartSSL actually do try to improve things.
That is one of the reasons people are busy deploying DNSSEC so we can put certificate-information in DNS and verify that. It will take years of course before it gets deployed.
blah, blah, blah.
The problem is in Windows XP and Windows XP has 51% of the Windows market share worldwide.
I also 'hear' in this form Google Android does not support it in current versions.
Pretty much everything else does or can be made to do so (Apache/libopenssl on the 'recently released' Debian stable works for example).
Good luck with SNI.
No, Statcounter says 51% worldwide, so in some countries yes.
It is already free: https://www.startssl.com/
How much cheaper do you want it to be ?
(yes you still need to pay your hosting provider, because of the extra IP-address/setup time unless you don't care about Android and IE/Safari on Windows XP)
How about free ?:
http://www.startssl.com/
Works in any desktop browser.