I share your sentiment about the SSL support 100%... it's great to finally
have it but the reality is the ecosystem just isn't ready for SNI yet.
There are still too many browsers that don't support SNI including the
Kindle Fire and every other pre-Ice Cream Sandwich Android device (of which
there are many). To be honest I expect Google to be a better steward of
the Internet. Proper SSL support should be encouraged and offered as an
inherent part any professional web development platform. SSL should NOT be
treated as a major feature upgrade where cost becomes a deciding factor for
adoption. By favoring SNI Google is compromising the integrity of the
browser experience anytime the overwhelming majority of Android users
browse to a secure App Engine site.
The non-SNI supporting browsers I've tested generate big ol' certificate
warnings and strongly encourage users NOT to continue browsing to the site.
Users generally have a choice to continue or not but the warnings sound
quite ominous and make it seem like your illegitimate site is pretending to
be someone else's legitimate site ("the certificate this site is using was
issued for another web address"). Unfortunately, adopting SNI right now
just pollutes the browsing experience and makes your site seem shady.
With Internet Explorer if the user clicks through the certificate warning
and continues to you site, the URL input bar stays highlighted with a red
background and an intimidating "certificate error" message is displayed to
the right of the URL.
I'm all for Google profiting from App Engine but it seems like there are
enough other opportunities for that since they monitor and charge for just
about everything else. I'm still hoping there's enough "don't be evil"
within Google that they decide to favor a seamless browsing experience over
a pay-for-proper-security profit grab. Perhaps in another 3-5 years the
ecosystem will be more accommodating of SNI but unfortunately that day
isn't here yet.
On Wednesday, July 18, 2012 3:02:20 PM UTC-4, GAEfan wrote:
>
> So happy to see SSL support finally here, but a bit disappointed. VIP
> seems the way to go, but at $99 per month, it is cost prohibitive for some
> of our apps. So, I am asking for feedback from others who have implemented
> SNI. From my understanding, there are still many visitors with older
> browsers who will not be able to use it. Is that correct?
>
> Looking at recent stats, we have 16% of our visitors with IE 6 or 7. And
> an astounding 43% with XP or previous versions of Windows. Not to mention
> those with Safari/Win, or older Android OS. What will these visitors see
> when they try to access an SNI-SSL page?
>
> Any problems/issues encountered with SNI implementations? Older browsers?
> International visitors? Frankly, at $108/year PLUS the certificate, even
> SNI-SSL is expensive. But $1200/year, plus cert, for VIP is not feasible
> for smaller apps. (IMO, $108/year should cover virtual IP). Sticking with
> our appspot URLs for SSL until this is ready for prime time. We are not
> willing to abandon even a small single-digit percentage of our users.
>
> Also, I recently was told that some search engines use the IP address in
> page ranking. Shared IPs are penalized. Had not heard that before, and
> not sure that is accurate, as a majority of sites are on shared-IPs.
>
> Your feedback greatly appreciated.
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/google-appengine/-/HUXzIEE43doJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-appengine?hl=en.
