mailing list archives
Re: questions on SSL
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Fri, 14 Nov 2008 18:07:04 +0100
On 2008-11-14 s0h0us () yahoo com wrote:
I'm lookig for some comments regarding using SSL to encrypt
connectivity to entire website as opposed to just certain critical
connections such as an online banking link at a financial
institutions. is this a more common practice now? Bandwidth wouldn't
seem to be as big an issue as it was in the past with dialup
Bandwidth isn't so much an issue as CPU consumption. Having to encrypt/
decrypt connections will put considerably more load on the server.
Moreover, encryption has no value in itself. It has a value only when
it's used to protect something from a threat (e.g. guarantee the
integrity of data transmitted between client and server).
However, SSL is not only for encryption, but will also guarantee the
authenticity of the website. If you want to ensure that, then you may
still want SSL, even if you don't actually need encryption.
Can one SSL certificate be used to encrypt multiple links originating
from the same site:
You can get wildcard certificates (*.example.com) which will allow this.
However, there's more to consider than just securing connections by
using SSL. I suggest you take a look at this whitepaper  released by
"All vulnerabilities deserve a public fear period prior to patches
--Jason Coombs on Bugtraq