Monday, February 4, 2008


Can somebody tell me why SSL is not required everywhere on the internet?
I understand that SSL takes up extra CPU cycles for the computation of the encrypted conversation. The days of saving CPUs are over. I have not worked on a project recently where the companies weren't afraid of spending money on more hardware, either accelerators or servers. That is usually the easy part.
I think that if companies went ahead and required SSL and digital certificates for every project, we would see a lot more use of the technology and better understanding. I am always surprised when I see developers afraid of SSL and with no knowledge of what is actually happening with an implementation.

I know it's not a magic pill for security. I am only wondering why a technology that was patented in the 70s is still so avoided.

I think if it was the default mode on the internet, we would increase understanding from the developer point of view.
More focus would hopefully drive the tools to improve. I know from experience PKI is tough to manage and can stop a system in its tracks because a certificate expires.
I feel like the magical nature of PKI and encryption keeps the tools in the stone ages as far as management.

Why does Verisign get to charge so much for certificates?
