Comments on: https for www.squarefree.com http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/ Jesse Ruderman on Firefox, security, and more Tue, 07 Oct 2008 17:06:57 +0000 http://wordpress.org/?v=2.5 By: Jesse Ruderman http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3753 Jesse Ruderman Tue, 19 Jun 2007 04:31:38 +0000 http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3753 DreamHost charges $4/mo for a unique IP address, which is more than most hosts charge. (For example, Pair appears to charge $1/mo.) I'm not sure why they charge so much; it might have something to do with their <a href="http://blog.dreamhost.com/2005/09/26/something-dumb/" rel="nofollow">issues with ARIN</a>. DreamHost charges $4/mo for a unique IP address, which is more than most hosts charge. (For example, Pair appears to charge $1/mo.) I’m not sure why they charge so much; it might have something to do with their issues with ARIN.

]]> By: Laurens Holst http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3752 Laurens Holst Tue, 19 Jun 2007 04:17:03 +0000 http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3752 "$47.40/year for a unique IP", that’s rediculous. Hopefully IPv6 will come soon. It seems to be picking up a little speed recently. “$47.40/year for a unique IP”, that’s rediculous. Hopefully IPv6 will come soon. It seems to be picking up a little speed recently.

]]> By: Jesse Ruderman http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3750 Jesse Ruderman Mon, 18 Jun 2007 18:09:12 +0000 http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3750 <a href="http://blogs.msdn.com/ie/archive/2005/10/22/483795.aspx" rel="nofollow">IE7 on Vista supports TLS Server Name Indication</a>, but I get the impression that IE6 and IE7/XP don't support it. Opera supports it. I don't know about Safari. DreamHost does not support TLS SNI, but they're tracking requests for it in the "Suggestions" part of the panel as "Use mod_ssl in Apache 2.2 to allow SSL without requiring a unique IP". Why is <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=116169" rel="nofollow">our bug for supporting TLS SNI</a> still open? IE7 on Vista supports TLS Server Name Indication, but I get the impression that IE6 and IE7/XP don’t support it. Opera supports it. I don’t know about Safari.

DreamHost does not support TLS SNI, but they’re tracking requests for it in the “Suggestions” part of the panel as “Use mod_ssl in Apache 2.2 to allow SSL without requiring a unique IP”.

Why is our bug for supporting TLS SNI still open?

]]> By: David Baron http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3749 David Baron Mon, 18 Jun 2007 18:02:53 +0000 http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3749 Firefox now supports a TLS extension that allows HTTPS on a shared IP address. (I've forgotten what it's called.) Then again, other browsers probably don't, and dreamhost probably doesn't either. Firefox now supports a TLS extension that allows HTTPS on a shared IP address. (I’ve forgotten what it’s called.) Then again, other browsers probably don’t, and dreamhost probably doesn’t either.

]]> By: Eric http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3748 Eric Mon, 18 Jun 2007 14:17:40 +0000 http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3748 Jesse, When I read about your post I emailed the banks about the problem thinking the chances they read your blog was slim. Before I read you post I didn't know the trick of typing the s manually to get https. I figured out you can also type a fake username and password and get to https. Some of the banks have fixed this problem. Washington Mutual is one that I know has not. Jesse,
When I read about your post I emailed the banks about the problem thinking the chances they read your blog was slim.

Before I read you post I didn’t know the trick of typing the s manually to get https. I figured out you can also type a fake username and password and get to https.

Some of the banks have fixed this problem. Washington Mutual is one that I know has not.

]]> By: Michael Lefevre http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3747 Michael Lefevre Mon, 18 Jun 2007 10:21:42 +0000 http://www.squarefree.com/2007/06/18/https-for-wwwsquarefreecom/#comment-3747 That's cool, but you now get a broken padlock if you use https on your blog URLs. Maybe you could deal with that by doing the reverse rewrite for the other sections (so that https://www.squarefree.com/ redirects to http://www.squarefree.com/) - although I can't think of a way to do that quite as neatly as your three rules, as it needs to happen everywhere except in those directories I guess... That’s cool, but you now get a broken padlock if you use https on your blog URLs. Maybe you could deal with that by doing the reverse rewrite for the other sections (so that https://www.squarefree.com/ redirects to http://www.squarefree.com/) - although I can’t think of a way to do that quite as neatly as your three rules, as it needs to happen everywhere except in those directories I guess…

]]>