W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: SPDY = HTTP/2.0 or not ?

From: Peter Saint-Andre <stpeter@stpeter.im>
Date: Mon, 26 Mar 2012 11:03:30 +0200
Message-ID: <4F7030E2.3060707@stpeter.im>
To: "Adrien W. de Croy" <adrien@qbik.com>
CC: Mike Belshe <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, patrick mcmanus <pmcmanus@mozilla.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 3/26/12 10:56 AM, Adrien W. de Croy wrote:

>> From a practical point of view, there aren't a lot of
>> alternatives to SSL on the table right now.  Most people do agree
>> that SSL does a reasonable job of preventing eavesdropping.
> 
> I can see a lot of resistance from customers told they now need to
> buy and maintain a certificate from a CA just to run a webserver.
> 
> Sure they can run a self-signed cert, but that doesn't fulfil the
> goal of giving the user security.

Could we cut the FUD about needing to pay for certs? There are indeed
providers of free certificates (I won't mention names for fear of
being tarred with a marketing brush).

And SSL/TLS is not *necessarily* tied to PKI, either.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9wMOIACgkQNL8k5A2w/vzHhwCglS0mTAc8vmtaTELnJXtsiDXt
GwYAnjO/WlyYE+PCs1SgPVB+19Aav0y6
=cS8p
-----END PGP SIGNATURE-----
Received on Monday, 26 March 2012 09:04:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:57 GMT