Is there a donate button somewhere? the only hurdle I see now is finding
some to maintain the cert, and coming up with the money, maybe we could put
a check box on the conference sign up form, like chip in $10 for a SSL
Cert?
Also, once again I ask how do you normally take this sort of poll deal? I
would assume it would just be a roll call (like I vote yes in a series of
emails)
Once again my recommendation for a cert provider is DigiCert, they will
cover both the wiki and site (plus *.code4lib.org) for about $475 a year
(or they have a single cert for $159)
*Riley Childs*
*Library Technology Manager at Charlotte United Christian Academy
<http://cucawarriors.com/>*
*Head Programmer/Manager at Open Library Management Projec
<http://openlibman.sf.net/>t <http://openlibman.sourceforge.net/>*
*Cisco Certified Entry Level Technician *
_________________________
*Phone: +1 (704) 497-2086*
*email: [log in to unmask] <[log in to unmask]>*
*email: [log in to unmask] <[log in to unmask]>*
*Twitter: @RowdyChildren <http://twitter.com/rowdychildren>*
On Tue, Nov 12, 2013 at 7:28 PM, Simon Spero <[log in to unmask]> wrote:
> On Mon, Nov 4, 2013 at 1:45 PM, Ethan Gruber <[log in to unmask]> wrote:
>
> > NSA broke it already
>
>
> SSL was born into lossage. After Netscape decided to go it alone, the
> first version they came back with used RC4... with the same symmetric key
> in both directions... At EIT I did a Proof of Concept attack using the
> initial lack of binding between DNS name and X.500 certificate (this was
> funded on the DARPA MADE project grant).
>
> All this was done at a time when the guestimate of a ~1 Public Key
> Operation per second.
>
> On a late 2011 macbook pro ( Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz )
>
> openssl speed -multi 8 rsa2048 gives a throughput of 3124.2
> signatures.second, and 97561.0 verifications.
>
> For Symmetric AES, the same hardware gives the throughput listed below.
>
> The 'numbers' are in 1000s of bytes per second processed.
>
> type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
> bytes
>
> aes-128 cbc 427093.88k 451648.30k 460755.99k 462780.42k
> 459068.76k
>
> aes-192 cbc 352143.17k 368399.83k 370499.48k 371674.11k
> 371816.40k
>
> aes-256 cbc 299224.85k 309780.08k 301863.34k 286403.36k
> 286261.25k
> In other words: the cpu cost ain't not thang.
>
> There is an recurrent cost for a server certificate, but I'm sure that this
> could be obtained from the usual suspects (Mellon, OCLC, Kilgour, or
> Stanford). Somebody has to responsible for renewing certificates before
> they expire (same sort of work as making sure the DNS domains don't
> expire).
>
> Simon
>
|