Comments on: PSA: https and gmail http://ericgar.com/2008/01/19/psa-https-and-gmail/ Fri, 05 Dec 2008 09:40:13 +0000 http://wordpress.org/?v=2.6.5 By: Eric http://ericgar.com/2008/01/19/psa-https-and-gmail/#comment-220 Eric Mon, 21 Jan 2008 21:38:43 +0000 http://www.ericgar.com/2008/01/19/psa-https-and-gmail/#comment-220 That's all true, but I think those are tangential problems that don't concern gmail. That’s all true, but I think those are tangential problems that don’t concern gmail.

]]> By: Casey http://ericgar.com/2008/01/19/psa-https-and-gmail/#comment-219 Casey Mon, 21 Jan 2008 21:16:29 +0000 http://www.ericgar.com/2008/01/19/psa-https-and-gmail/#comment-219 While it's probably cost issues, there are even more problems. First of all, distributing certificates to thousands of internet-facing servers still isn't perfectly solved. Also, because SSL encrypts *everything*, you have to present the certificate before the browser sends the Host: field. This means you can't use VHosts for SSL. While it’s probably cost issues, there are even more problems. First of all, distributing certificates to thousands of internet-facing servers still isn’t perfectly solved. Also, because SSL encrypts *everything*, you have to present the certificate before the browser sends the Host: field. This means you can’t use VHosts for SSL.

]]> By: Eric http://ericgar.com/2008/01/19/psa-https-and-gmail/#comment-218 Eric Sun, 20 Jan 2008 22:49:16 +0000 http://www.ericgar.com/2008/01/19/psa-https-and-gmail/#comment-218 I don't know why they do that. I surmise that it's because encryption is expensive. For every packet sent back and forth, a non-trivial amount of computation has to take place in order to encrypt it. While your desktop probably has available cycles to do this, they have to do this for all users. That gets expensive very quickly. There are a lot of variables, but performance impact can be an order of magnitude or more. I don’t know why they do that. I surmise that it’s because encryption is expensive. For every packet sent back and forth, a non-trivial amount of computation has to take place in order to encrypt it. While your desktop probably has available cycles to do this, they have to do this for all users.

That gets expensive very quickly. There are a lot of variables, but performance impact can be an order of magnitude or more.

]]> By: Somudro Gupta http://ericgar.com/2008/01/19/psa-https-and-gmail/#comment-217 Somudro Gupta Sun, 20 Jan 2008 20:21:29 +0000 http://www.ericgar.com/2008/01/19/psa-https-and-gmail/#comment-217 Hey, it still says 0 comments! I demand my previous comment, as well as this one, to be heard. Hey, it still says 0 comments! I demand my previous comment, as well as this one, to be heard.

]]> By: Somudro Gupta http://ericgar.com/2008/01/19/psa-https-and-gmail/#comment-216 Somudro Gupta Sun, 20 Jan 2008 20:18:31 +0000 http://www.ericgar.com/2008/01/19/psa-https-and-gmail/#comment-216 Why does Google redirect you to the unencrypted page? OR, why don't they just make http://gmail.com redirect to https://gmail.com ? Why does Google redirect you to the unencrypted page? OR, why don’t they just make http://gmail.com redirect to https://gmail.com ?

]]>