Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:99988 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 46332 invoked from network); 21 Jul 2017 08:32:04 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 21 Jul 2017 08:32:04 -0000 Authentication-Results: pb1.pair.com header.from=mathiasgrimm@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=mathiasgrimm@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.83.46 as permitted sender) X-PHP-List-Original-Sender: mathiasgrimm@gmail.com X-Host-Fingerprint: 74.125.83.46 mail-pg0-f46.google.com Received: from [74.125.83.46] ([74.125.83.46:38611] helo=mail-pg0-f46.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 57/61-02884-00CB1795 for ; Fri, 21 Jul 2017 04:32:02 -0400 Received: by mail-pg0-f46.google.com with SMTP id s4so25818743pgr.5 for ; Fri, 21 Jul 2017 01:32:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=mgaXnPJ/mQdtpWR9orQVrDGnrxjxpNuaJMYoJeD72Nc=; b=OJD6oJKJzfnlof+VwQ8Kc+1gnYJRte+Sxy03LPak4oGwN675Il1H6n0Yi29c5mDCvH NHV6YriwMxqfgQtlf9JBUePgkaNNURi+FWnCecn70HDRHrn8ltXbOCPFznl+TyZN5pP5 T7Vpx9iEPbEaSqd5QIjOiBlDd8Eg5XPakcnr3N93HBZwSRVHXw63DyTFB3xmVT7lok9A BTs0H3u5+kV8nr9rWPIl4Us6Q+3+WdVi6E7C48on6DUVYUMoCaZljcYFW99Q8prDWmlo jyrq8QnYI9JO/+SY5k3um8ZkRn1gBCp4umkIKSfMYcIK76xEZnh+1Mt9wD1OT/bMMgt7 8OjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=mgaXnPJ/mQdtpWR9orQVrDGnrxjxpNuaJMYoJeD72Nc=; b=XftMMpO17VQmj77onlCELC1okrKr5LtAl0MnxeHay0xksUgk1GZhA5i5Ow4uv0RreU /AVMaVIK/FCef4ydO+Tbb7vL5LL60qeFakcqLAsNVHbdHy5IXwJsOYuQDEETmtj+V8Oj aDLp8mDmenaMNjxYfA99f7BFlQBVdQNXGl5/nrFI4oRQlEu1KXT2BSKPrAQBZqoIUh8B oqNsI2HBBXEzMzv+DoUrJjRPqBYXl/EfFHYeoRYqOTuDWZcBTuvJxjOgHyfKwWm7lmXq 1smbfYVVTtAn+MFGM9aDIVhgq2Xx9cZJr44529INvkycmMcNFrgkzaphpbcLZyVwpFBT mvAA== X-Gm-Message-State: AIVw111jd73ZJ/ifMgO44+CEw3KCA2NYlME3XpnFuAwz6xajicOWnApa jdl1cUzuo8SWJCzkKvn9pkkeS52meQ== X-Received: by 10.99.36.131 with SMTP id k125mr6610187pgk.324.1500625917355; Fri, 21 Jul 2017 01:31:57 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.156.2 with HTTP; Fri, 21 Jul 2017 01:31:56 -0700 (PDT) In-Reply-To: References: Date: Fri, 21 Jul 2017 10:31:56 +0200 Message-ID: To: Rasmus Lerdorf Cc: Niklas Keller , Sara Golemon , "internals@lists.php.net" Content-Type: multipart/alternative; boundary="94eb2c031540beae8c0554cfb2e9" Subject: Re: [PHP-DEV] php.net website From: mathiasgrimm@gmail.com (Mathias Grimm) --94eb2c031540beae8c0554cfb2e9 Content-Type: text/plain; charset="UTF-8" If php is mainly static it could be almost fully cached in a CDN. For the downloads I don't think the latency would be a problem but that can also be in the CDN If php owned two servers in US and two in Europe and possibly 2 in Asia we would be goon in terms of latency for the search IMO. On 20 July 2017 at 19:38, Rasmus Lerdorf wrote: > On Thu, Jul 20, 2017 at 1:42 AM, Niklas Keller wrote: >> >> They can also just request them themselves, but only for their mirror >> domain. If you allow them to issue for www.php.net, you can as well just >> put the current private key there. >> > > I think there is a big difference between putting the private key there > and proxying validation for just a www.php.net CN alias. We already have > a list of known mirrors, so we would make sure to only validate > www.php.net for those. By validating www.php.net we allow any mirror to > pretend they are www.php.net and no other *.php.net domain, which is > exactly what we want. > > -Rasmus > --94eb2c031540beae8c0554cfb2e9--