Thanks for the update Cayden. It's reassuring to know SSL on custom domains is still alive and high priority with the GAE team.
I can certainly appreciate the desire and temptation to offer a nice, clean SNI solution. However, I think today's client compatibility reality doesn't allow for an SNI solution. The main culprits are pre-ICS Android and Blackberry clients more so than IE on Win-XP. At least on Win-XP Chrome and FireFox are viable alternatives to IE. Whereas Android incompatibility includes the Kindle Fire and the overwhelming majority of Android phones on the market today. It just doesn't make sense for a modern website to deliberately disregard the certificate warnings its users will experience with those clients. The warnings leave an unprofessional blemish on the site and likely leave the user confused and questioning the site's integrity and professionalism. My hope is that Google will stick with the SNI path for possible future deployment but realize that VIP is the only practical approach at this point in time. This means VIP would need to be offered at an affordable price point or perhaps even made available for free. I can only imagine the cost and challenges involved with developing a robust VIP solution in the cloud environment. However, every once in a while a feature is significant enough to overlook the NRE and do the right thing in lieu of trying to directly recoup costs. I would argue that SSL on custom domains is such a feature. A proper, affordable SSL solution promotes a secure web and benefits the GAE platform. I wish SNI had been a part of the original TLS spec but unfortunately that didn't happen and now we are forced to wait several more years for significantly more incompatible clients to flush out of the ecosystem. The alternative is to support SNI and pollute the web with certificate warnings when Android and Blackberry clients visit certain GAE sites. I don't think anybody wants this and I hope Google does the right thing. - Doug Anderson > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/8yEFneGBHzUJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
