https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)

Matthew Petach mpetach at netflight.com
Fri Jul 25 21:52:15 UTC 2008


On 7/24/08, Hank Nussbacher <hank at efes.iucc.ac.il> wrote:
> On Thu, 24 Jul 2008, Jeffrey Ollie wrote:
>
> > Interestingly enough, Google just added a feature to GMail to force
> > secure connections:
> >
> http://googlesystem.blogspot.com/2008/07/force-gmail-to-use-secure-connection.html
> >
> > Jeff
> >
>
>  I wish Yahoo and Hotmail even had the ability of *reading* email via https:
>  http://www.interall.co.il/hotmail-yahoo-https.html

I'm sure when Gmail gets close to the same number of users
as Yahoo, they will discover how challenging and painful it is
to support that many simultaneous short-lived SSL connections.
It's much easier to support CPU intensive tasks like full-time
SSL when you have a small user base; as that user base
grows, the cost of providing that service continues to grow,
often outpacing the revenue benefit it brings.

I *definitely* agree that any paid-for mail service should
support full-time SSL connectivity for reading as well
as login.

For a free service, though, it's hard to afford the CPU
resources to handle it as the demand scales up.

>  And then MS doesn't quite understand why people prefer Gmail to Hotmail :-)
>
>  -Hank

The good news is that the more users switch to gmail from
hotmail, the less load there is on the server CPUs at hotmail,
and the sooner they'll be able to afford to enable full-time
SSL for the remaining users.  :D  So clearly, the goal is to
encourage everyone *else* to go use gmail, leaving you to
enjoy the very lightly-loaded and highly-responsive platform
left behind.  ;)

Matt




More information about the NANOG mailing list