W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: Re[2]: SPDY = HTTP/2.0 or not ?

From: Ross Nicoll <jrn@jrn.me.uk>
Date: Mon, 26 Mar 2012 12:41:16 +0100
To: "Adrien W. de Croy" <adrien@qbik.com>, Peter Saint-Andre <stpeter@stpeter.im>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CB9613F9.1A4DD%jrn@jrn.me.uk>

On 26/03/2012 10:22, "Adrien W. de Croy" <adrien@qbik.com> wrote:

>------ Original Message ------
>From: "Peter Saint-Andre" <stpeter@stpeter.im>
>To: "Adrien W. de Croy" <adrien@qbik.com>
>Cc: "Mike Belshe" <mike@belshe.com>;"Roy T. Fielding"
><fielding@gbiv.com>;"patrick mcmanus"
><pmcmanus@mozilla.com>;"ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
>Sent: 26/03/2012 10:03:30 p.m.
>Subject: Re: SPDY = HTTP/2.0 or not ?
>>Could we cut the FUD about needing to pay for certs? There are indeed
>>providers of free certificates (I won't mention names for fear of
>>being tarred with a marketing brush).
>providers of free certs who
>a) verify the identity of the entity they issue the certificate to
>b) have a root cert that's sufficiently well deployed and trusted to be
>?  I'd be keen to know more.
>if not a (which is incompatible with free) then is it really security?

I've used StartSSL ( http://www.startssl.com/?app=1 ) as a "better than
nothing" option for budget-less projects, before. Their certificates seem
fairly widely deployed (we certainly never had an issue with it).
Received on Monday, 26 March 2012 11:41:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:01 UTC