Is there a donate button somewhere? The only hurdle I see now is finding someone to maintain the cert and coming up with the money. Maybe we could put a check box on the conference sign up form, like chip in $10 for an SSL cert?

Also, once again I ask how do you normally take this sort of poll deal? I would assume it would just be a roll call (like I vote yes in a series of emails).

Once again my recommendation for a cert provider is DigiCert, they will cover both the wiki and site (plus *.code4lib.org) for about $475 a year (or they have a single cert for $159).

*Riley Childs*
*Library Technology Manager at Charlotte United Christian Academy <http://cucawarriors.com/>*
*Head Programmer/Manager at Open Library Management Project <http://openlibman.sf.net/> <http://openlibman.sourceforge.net/>*
*Cisco Certified Entry Level Technician*
_________________________
*Phone: +1 (704) 497-2086*
*Twitter: @RowdyChildren <http://twitter.com/rowdychildren>*

On Tue, Nov 12, 2013 at 7:28 PM, Simon Spero wrote:

> On Mon, Nov 4, 2013 at 1:45 PM, Ethan Gruber wrote:
>
> > NSA broke it already
>
> SSL was born into lossage. After Netscape decided to go it alone, the
> first version they came back with used RC4... with the same symmetric key
> in both directions... At EIT I did a Proof of Concept attack using the
> initial lack of binding between DNS name and X.500 certificate (this was
> funded on the DARPA MADE project grant).
>
> All this was done at a time when the guesstimate was ~1 Public Key
> Operation per second.
>
> On a late 2011 macbook pro ( Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz )
>
> openssl speed -multi 8 rsa2048 gives a throughput of 3124.2
> signatures/second, and 97561.0 verifications.
>
> For Symmetric AES, the same hardware gives the throughput listed below.
>
> The 'numbers' are in 1000s of bytes per second processed.
>
> type          16 bytes     64 bytes     256 bytes    1024 bytes   8192 bytes
> aes-128 cbc   427093.88k   451648.30k   460755.99k   462780.42k   459068.76k
> aes-192 cbc   352143.17k   368399.83k   370499.48k   371674.11k   371816.40k
> aes-256 cbc   299224.85k   309780.08k   301863.34k   286403.36k   286261.25k
>
> In other words: the cpu cost ain't not thang.
>
> There is a recurrent cost for a server certificate, but I'm sure that this
> could be obtained from the usual suspects (Mellon, OCLC, Kilgour, or
> Stanford). Somebody has to be responsible for renewing certificates before
> they expire (same sort of work as making sure the DNS domains don't
> expire).
>
> Simon