Nxdomain redirect revenue

Owen DeLong owen at delong.com
Tue Sep 27 18:09:03 CDT 2011


On Sep 27, 2011, at 3:46 PM, Jimmy Hess wrote:

> On Tue, Sep 27, 2011 at 5:29 PM, David E. Smith <dave at mvn.net> wrote:
>> On Tue, Sep 27, 2011 at 17:08, Jimmy Hess <mysidia at gmail.com> wrote:
>>> That is, HTTPs should become assumed.
>> As much as that would be wonderful from a security standpoint, IMO
>> it's not realistic to expect every mom-and-pop posting a personal Web
>> site to pay extra for a static/dedicated IP address from their hosting
>> company (even if IPv6 were widely deployed, Web hosts probably would
> 
> Thanks to TLS  SNI (server name indication), a dedicated IP address is
> no longer necessarily,
> RFC 3546, 3.1.
> 

Except when it is.

> Yes, it is realistic to expect every mom-and-pop posting a personal
> web site to utilize a provider that implements SNI,  and the sooner
> they do it.
> 

No, it isn't because it requires you to send the domain portion of the URL
in clear text and it may be that you don't necessarily want to disclose even
that much information about your browsing to the public.

> It's also realistic to expect them to buy one of those $15  SSL certificates.
> Heck....   1 year .COM  registration used to cost a lot more than that.
> 

Meh... I disagree. I don't think there's any reason to encrypt web sites
that don't use authentication and are not providing personally identifying
information or other "secret" data. I run several web servers virtual and
real on one of my systems. Some of them have SSL, some of them don't.
Even the ones that have SSL don't encrypt everything. There's no reason
to encrypt that which does not need encryption and it's just an extra cost
in terms of server resources and client resources to do so.

> We're not talking about huge recurring costs here.
> 

That depends. If it's a popular web site that delivers a lot of content,
the additional CPU horsepower just to do the cryptography and the
additional power to drive it could actually be very significant.

For the average mom and pop, no, it's not a huge cost, but, neither is
it necessarily a cost worth bothering with.

Frankly, I don't expect static (or at least static-enough) addresses to
cost extra in IPv6. You can already get a /48 from Hurricane Electric
for free as long as you have IPv4 access. I suspect that eventually
other IPv6 providers will have to at least match that standard.

Owen




More information about the NANOG mailing list