I wonder if they have plans for CloudFront too. That'd be a killer feature to be able to use HTTPS on cloudfront on a custom domain without it costing a fortune.
You already can do that for pretty cheap (if you use SNI), but only from the CLI and the command isn't exactly simple. [0] Having it integrated so you just click 'yes, SSL' and it handles cert generation and config would be great.
The problem is not the SSL certificate, the problem is the IP address. That will no longer be a problem as soon as IPv6 takes hold in a few years, I give it about 3. They currently have to deploy the SSL certificate to over 30 different IPs hence it costing the immense amount. The certificate can be had for $10.
I dunno where the line it, but Windows XP is in the ballpark of 2% of our traffic, depending on the site and how you measure it. The bummer is that HTTPS breaks kinda badly if you use an SNI cert and the OS/browser doesn't support it.
The latter sounds more likely to me. The sites I run get about 2.5% XP, but most of that population uses Chrome or Firefox. IE on XP accounts for only 0.3% overall.
At this point my experience is that most people still on XP are using IE - it mostly appears to be institutions that are still(!) using a primitive corporate build.
What's the benefit to serving your assets from a custom SSL-secured domain over https://whatever.cloudfront.net? The end-user doesn't really care what domain they're served from.
