> I was just trying to point out that the cost increases linearly and nowhere near $50/domain/yr.
Not sure on your math. 2EUR/IPv4/year is 24EUR/IPv4/year, say, you have just two subdomains -- that's already 48EUR/IPv4/year, for a single TLD domain!
> Besides, it was your choice to get a dozen different domains and create a bunch of subdomains on them
Yes, based on best practices and technological needs; or maybe consolidation of a legacy architecture (where each domain used to have a different physical machine); or maybe the future compartmentalisation through IPv6 (where each domain has a separate logical IPv6-only machine, all sharing IPv4 through a single non-fail-safe legacy proxy); or maybe just outright security for cookies between separate applications I run to protect against XSS attacks.
Or do you suggest I make my choices in technology based on the racketeering of the certification cartel instead? Use inflexible, stagnated and insecure operating practices just to please the certificate authority cartels? No thanks.
> your choice whether or not to support non-SNI clients
What did non-SNI clients do to you to block them from allowing access to your personal web-site? Android had no SNI support until very, very recently, for example. I don't want to not be able to access my own web-site from my own phones! However, the separate `https` address scheme would guarantee that my site simply wouldn't work if I follow someone's https link to it on my Android 2.2 device, and there is no way to prevent someone from giving out https links should I enable https (which will never happen, BTW).
> I'd love to get a thousand different domains
You can -- you don't have to pay anyone for your subdomains! Other than the certificate authorities, apparently!
> If you don't want to pay for overpriced certificates on your gazillion subdomains, just don't. Consolidate your domains and subdomains, or at least consolidate the parts that need SSL. It's as simple as that.
Aha! Parts that need SSL? It'd be nice to have, but none require it -- I'm not running a bank and don't collect payment details! And, no, I will not revisit sound engineering and marketing decisions based on the political limitations of the certificate authorities. Not gonna happen. CAs will not dictate the rules of the game for me.
Fix encryption for HTTP to be as easy as SSH and STARTTLS in SMTP (I don't need no https access scheme for my non-commercial pages!), and I'll gladly enable it for all of my domains. Until then, thanks, but no thanks.