also just a very off topic topic: what if a trusted CA issued a *.* cert? for those of you who don't know, that would be valid everywhere (even if the session was hijacked) but again, very off topic, back to the topic at hand :D

*Riley Childs*
*Library Technology Manager at Charlotte United Christian Academy <http://cucawarriors.com/>*
*Head Programmer/Manager at Open Library Management Project <http://openlibman.sf.net/> <http://openlibman.sourceforge.net/>*
*Cisco Certified Entry Level Technician*
_________________________
*Phone: +1 (704) 497-2086*
*email: [log in to unmask]*
*email: [log in to unmask]*
*Twitter: @RowdyChildren <http://twitter.com/rowdychildren>*

On Tue, Nov 12, 2013 at 7:56 PM, Riley Childs <[log in to unmask]> wrote:

> Is there a donate button somewhere? the only hurdle I see now is finding
> someone to maintain the cert, and coming up with the money, maybe we could
> put a check box on the conference sign up form, like chip in $10 for an SSL
> Cert?
> Also, once again I ask how do you normally take this sort of poll deal? I
> would assume it would just be a roll call (like I vote yes in a series of
> emails)
> Once again my recommendation for a cert provider is DigiCert, they will
> cover both the wiki and site (plus *.code4lib.org) for about $475 a year
> (or they have a single cert for $159)
>
> *Riley Childs*
> *Library Technology Manager at Charlotte United Christian Academy <http://cucawarriors.com/>*
> *Head Programmer/Manager at Open Library Management Project <http://openlibman.sf.net/> <http://openlibman.sourceforge.net/>*
> *Cisco Certified Entry Level Technician*
> _________________________
>
> *Phone: +1 (704) 497-2086*
> *email: [log in to unmask]*
> *email: [log in to unmask]*
> *Twitter: @RowdyChildren <http://twitter.com/rowdychildren>*
>
> On Tue, Nov 12, 2013 at 7:28 PM, Simon Spero <[log in to unmask]> wrote:
>
>> On Mon, Nov 4, 2013 at 1:45 PM, Ethan Gruber <[log in to unmask]> wrote:
>>
>> > NSA broke it already
>>
>> SSL was born into lossage. After Netscape decided to go it alone, the
>> first version they came back with used RC4... with the same symmetric key
>> in both directions... At EIT I did a Proof of Concept attack using the
>> initial lack of binding between DNS name and X.500 certificate (this was
>> funded on the DARPA MADE project grant).
>>
>> All this was done at a time when the guesstimate was ~1 Public Key
>> Operation per second.
>>
>> On a late 2011 macbook pro ( Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz )
>>
>> openssl speed -multi 8 rsa2048 gives a throughput of 3124.2
>> signatures/second, and 97561.0 verifications.
>>
>> For Symmetric AES, the same hardware gives the throughput listed below.
>>
>> The 'numbers' are in 1000s of bytes per second processed.
>>
>> type           16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
>> aes-128 cbc  427093.88k   451648.30k   460755.99k   462780.42k   459068.76k
>> aes-192 cbc  352143.17k   368399.83k   370499.48k   371674.11k   371816.40k
>> aes-256 cbc  299224.85k   309780.08k   301863.34k   286403.36k   286261.25k
>>
>> In other words: the cpu cost ain't not thang.
>>
>> There is a recurrent cost for a server certificate, but I'm sure that this
>> could be obtained from the usual suspects (Mellon, OCLC, Kilgour, or
>> Stanford). Somebody has to be responsible for renewing certificates before
>> they expire (same sort of work as making sure the DNS domains don't
>> expire).
>>
>> Simon