- From: Adrien W. de Croy <adrien@qbik.com>
- Date: Mon, 26 Mar 2012 10:35:34 +0000
- To: "Peter Saint-Andre" <stpeter@stpeter.im>
- Cc: "Mike Belshe" <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, "patrick mcmanus" <pmcmanus@mozilla.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
------ Original Message ------ From: "Peter Saint-Andre" <stpeter@stpeter.im> >> >> >>Ok thanks. >> >>In the end though, even if the certificate itself isn't charged >>for, there's still a cost involved in obtaining and installing it. >> >>Generating a signing request etc, importing the certificate and >>managing the private key. >> >>These add a significant requirement to many HTTP server deployment >>scenarios, not the least in terms of level of knowledge of the >>person doing it. >> > > >It might seem easier and cheaper for me if I don't have to install a >lock on the door to my house, fumble for the keys when I get home at >night, etc. But actually it's easier and cheaper for me if random >people can't walk into my house. There ain't no such thing as free >security. > a lot of these points are moot, since Mike has informed us the latest SPDY draft does not mandate encryption. Re your house simile... we're used to houses and doors and locks. I can't imagine the pain of trying to support non-technical home users through the process of securing a web server with SSL. So I think we can assume that many deployments will opt out. > > >(Oh, and these messages are all as individual, not area director.) > ok no prob - 1 week to go? Adrien > > >Peter > >- -- >Peter Saint-Andre >https://stpeter.im/ > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.8 (Darwin) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > >iEYEARECAAYFAk9wQ9IACgkQNL8k5A2w/vzFEACg0Vdrvmi/FoEMChWJImhgUlK1 >v4kAoOLgclSi2ky4gMUBxJidUPAfXi0F >=cF8V >-----END PGP SIGNATURE----- > >
Received on Monday, 26 March 2012 10:36:18 UTC