On Tue, Sep 27, 2011 at 5:29 PM, David E. Smith <[email protected]> wrote: > On Tue, Sep 27, 2011 at 17:08, Jimmy Hess <[email protected]> wrote: >> That is, HTTPs should become assumed. > As much as that would be wonderful from a security standpoint, IMO > it's not realistic to expect every mom-and-pop posting a personal Web > site to pay extra for a static/dedicated IP address from their hosting > company (even if IPv6 were widely deployed, Web hosts probably would
Thanks to TLS SNI (server name indication), a dedicated IP address is no longer necessarily, RFC 3546, 3.1. Yes, it is realistic to expect every mom-and-pop posting a personal web site to utilize a provider that implements SNI, and the sooner they do it. It's also realistic to expect them to buy one of those $15 SSL certificates. Heck.... 1 year .COM registration used to cost a lot more than that. We're not talking about huge recurring costs here. -- -JH
