Firefox, HTTPS and Shared Hosting

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Firefox, HTTPS and Shared Hosting

Paul M Foster
Folks:

Recently, Mozilla announced that they were going to ultimately cut off
the use of "new" features when users are viewing content via the HTTP
protocol, preferring instead the HTTPS protocol. This is an
oversimplification, but that's more or less the gist of it.

Now, most websites are hosted in a "shared hosting" environment. In such
an environment, there is generally one IP address which may serve
hundreds or thousands of websites. This IP address is shared amongst
them all, and HTTP 1.1 protocol additionally sends the domain name to
allow routing to the proper domain.

My understanding of certificate issuance (needed for secure
communications with websites) is that each domain which wishes to use a
certificate must have its own unique IP address. So Mozilla's strategy
wuold effectively cut off 99% or more of websites from using new
features.

So let me get this straight. They want to secure access to less than 1%
of the world's websites by sacrificing the other 99%?

Am I missing something here? Someone please tell me how this is supposed
to shake out. If this has been previously discussed. my apologies;
please point me to the thread.

Paul

--
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com
_______________________________________________
slug mailing list
[hidden email]
https://www.suncoastlug.org/mailman/listinfo/slug
Reply | Threaded
Open this post in threaded view
|

Re: Firefox, HTTPS and Shared Hosting

Rob Mayhue
Hi Paul,

Modern web servers can use Server Name Indication (SNI) to solve this.  This link on Wikipedia should explain a few things.

http://en.wikipedia.org/wiki/Server_Name_Indication

--
Rob Mayhue


On Jun 4, 2015, at 1:02 AM, Paul M Foster wrote:

> Folks:
>
> Recently, Mozilla announced that they were going to ultimately cut off
> the use of "new" features when users are viewing content via the HTTP
> protocol, preferring instead the HTTPS protocol. This is an
> oversimplification, but that's more or less the gist of it.
>
> Now, most websites are hosted in a "shared hosting" environment. In such
> an environment, there is generally one IP address which may serve
> hundreds or thousands of websites. This IP address is shared amongst
> them all, and HTTP 1.1 protocol additionally sends the domain name to
> allow routing to the proper domain.
>
> My understanding of certificate issuance (needed for secure
> communications with websites) is that each domain which wishes to use a
> certificate must have its own unique IP address. So Mozilla's strategy
> wuold effectively cut off 99% or more of websites from using new
> features.
>
> So let me get this straight. They want to secure access to less than 1%
> of the world's websites by sacrificing the other 99%?
>
> Am I missing something here? Someone please tell me how this is supposed
> to shake out. If this has been previously discussed. my apologies;
> please point me to the thread.
>
> Paul
>
> --
> Paul M. Foster
> http://noferblatz.com
> http://quillandmouse.com
> _______________________________________________
> slug mailing list
> [hidden email]
> https://www.suncoastlug.org/mailman/listinfo/slug
_______________________________________________
slug mailing list
[hidden email]
https://www.suncoastlug.org/mailman/listinfo/slug
Reply | Threaded
Open this post in threaded view
|

Re: Firefox, HTTPS and Shared Hosting

dylan
Administrator
In reply to this post by Paul M Foster
The actual thread in question relates to /new features to html / http
being https-only, not dropping support for plain http. Sure, eventually
it would be good for plain http to disappear, but that's the long tail.

Additionally, the Let's Encrypt project (launching real soon now?)
offers a way for anyone to get an SSL cert for free.

Currently I know of two ways of getting free ssl certs: StartSSL will
let you have a (single-domain) one,
and if you put your content behind CloudFront, they will manage an SSL
cert for you.

https://groups.google.com/forum/#!topic/mozilla.dev.platform/xaGffxAM-hs%5B1-25%5D
is the thread in question.

Note: suncoastlug.org uses a not-free, but reasonably priced setup from
StartSSL -- basically I pay $50 every two years to verify I am who I say
I am, and in return any sites (that I host) I can get SSL certs.

HTTPS everywhere essentially has to happen, even without concerns for
privacy, tampering with http traffic as a way of generating ad revenue
is only going to become more common. :(
_______________________________________________
slug mailing list
[hidden email]
https://www.suncoastlug.org/mailman/listinfo/slug
Reply | Threaded
Open this post in threaded view
|

Re: Firefox, HTTPS and Shared Hosting

Paul M Foster
In reply to this post by Rob Mayhue
On Thu, Jun 04, 2015 at 06:59:51AM -0400, Rob Mayhue wrote:

> Hi Paul,
>
> Modern web servers can use Server Name Indication (SNI) to solve this.  This link on Wikipedia should explain a few things.
>
> http://en.wikipedia.org/wiki/Server_Name_Indication
>
> --
> Rob Mayhue

Thanks. I found that out late last night as I continued to research the
subject. I was going to get on today and give an answer to the list,
but you beat me to it.

Paul

--
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com
_______________________________________________
slug mailing list
[hidden email]
https://www.suncoastlug.org/mailman/listinfo/slug