[aur-general] Securing the AUR website
Ray Rashif
schiv at archlinux.org
Mon Sep 5 09:18:19 EDT 2011
On 5 September 2011 20:35, Pierre Schmitz <pierre at archlinux.de> wrote:
> On Mon, 5 Sep 2011 13:55:38 +0200, Cédric Girard wrote:
>> Hi,
>>
>> On Mon, Sep 5, 2011 at 1:46 PM, Ray Rashif <schiv at archlinux.org> wrote:
>>
>>> it slows down my inherently slow
>>> connection (think GPRS/EDGE/2G)
>>>
>>
>> Do you have any figures to support this? I would be interested to see what
>> the impact of HTTPS on the client side is.
>
> Me too. We'd need some numbers to back this argument. I also wonder how
> many are really affected by having such a slow connection that this
> would actually matter. I wouldn't be surprised if this number is really
> low.
It just feels slower. I think the amount of data transferred does not
look that much bigger when you have at least a 512Kbps, but browsing
is indeed slower.
Take, for eg., GMail for Mobile on my phone has HTTPS disabled, and
when enabling it warns that "more data will be used". A 128Kbps
unstable connection eg. over the GSM network will struggle with an
SSL-encrypted website far away from the user's ISP/region due to the
inevitable added latency of that kind of network.
However, you are right, there is no empirical evidence until I log my
connection to one of the Arch Linux sites with and without SSL. I will
try and do this soon.
In the meantime, these are Google results that you might've already come across:
http://support.microsoft.com/kb/150031
http://stackoverflow.com/questions/548029/how-much-overhead-does-ssl-impose
http://serverfault.com/questions/43692/how-much-of-a-performance-hit-for-https-vs-http-for-apache
--
GPG/PGP ID: 8AADBB10
More information about the aur-general
mailing list