-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In article <[email protected]>, Aryeh Gregor <[email protected]> wrote: > On Sun, Feb 13, 2011 at 10:14 AM, River Tarnell <[email protected]> wrote: > > SSL certificates aren't that cheap, but only about 8 would be needed > > (one for each project, e.g. *.wikipedia.org), so the cost isn't > > prohibitive anymore. > You'd want two per project so that https://wikipedia.org/ works, > right? Lots of sites fail at that, but it's lame: https://amazon.com/ That's a good point, but there's no reason for it to be required... it really depends on whether a CA will issue an appropriate cert. A certificate that contains CN=*.wikipedia.org, subjectAltName:wikipedia.org would work fine. StartSSL does include the appropriate subjectAltName in their (non-wildcard) certs; RapidSSL does not. I don't have a wildcard StartSSL certificate around to check.
> On Sun, Feb 13, 2011 at 10:23 AM, Maury Markowitz > <[email protected]> wrote: > > I know local ISP's did (used to?) throttle all encrypted traffic. > > Would this fall into that category? > I'm not aware of any issue with this. Not sure what "local" means (presumably USA? ;-) but I've never heard of this either -- which is not to say it doesn't happen, but there's a limit to how much ISP brokenness the WMF can reasonably work around. - river. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (NetBSD) iEYEARECAAYFAk1YLZIACgkQIXd7fCuc5vLvuACguVfV+ypYEhHwfmLtBwVU4Hqc sRkAn3UIUIJDYL6B7GPdW/BTYuXm4zlA =kS2S -----END PGP SIGNATURE----- _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
