Ask HN: Should tiered-priced apps charge a premium for SSL support?

3 points by andrewingram ↗ HN
With the recent widespread attention of session hijacking thanks to Firesheep, I'm hopeful that more developers are going to think seriously about ways to prevent it. With SSL being an obvious solution, I'm wondering if it's reasonable for services like typekit to only offer SSL serving to their top-paying customers.<p>(I don't mean to pick on typekit, but they're the only example I could find at the time)<p>Given the ease of making sites with some kind of login functionality these days, it seems that being able to use SSL should no longer be seen as a premium service.

2 comments

[ 0.26 ms ] story [ 18.3 ms ] thread
I believe that having your users protected is not a premium feature, but responsibility of any respectable service. If SSL required for that - it should be offered for free.
With typekit the issue is slightly different in that no session data is leaked, but having a non-SSL resource (ie a typekit font) on an SSL page will throw up warnings in some browsers.