

SSL, Still not computationally expensive (A response to F5) - mike-cardwell
http://www.imperialviolet.org/2011/02/06/stillinexpensive.html

======
nickf
A great response to a pretty horrid marketing fluff-piece. A couple of points:

CAs (public ones, at least) are generally phasing out 1024 bit end-entity
certs. The VS group are only allowing for 1 and 2 year certs, while GoDaddy,
Comodo, Digicert and more are pretty much not issuing 1024 bit end-entity
certs except by specific request. None will issue any that are valid after
31st Dec 2013.

Lots of talk in the other post and a mention here of SNI - which is
problematic as far as browser support goes, as was mentioned. However, there
are UCC/multi-domain certificates available. They too have caveats (all the
domains have to be validated and in one certificate, so for example a shared
web-host might have bobspornshack.com on the same cert as
saintmaryschurch.com), but for entities who don't mind that and want to cover
a multitude of domains/subdomains that a wildcard might not, they can offer a
reasonable alternative.

