- From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Date: Mon, 11 Nov 2013 02:54:02 +0200
- To: Christian Huitema <huitema@huitema.net>
- Cc: 'Yoav Nir' <ynir@checkpoint.com>, 'Julian Reschke' <julian.reschke@gmx.de>, 'HTTP Working Group' <ietf-http-wg@w3.org>, 'Peter Lepeska' <bizzbyster@gmail.com>, 'Tim Bray' <tbray@textuality.com>, 'Mark Nottingham' <mnot@mnot.net>
On Sun, Nov 10, 2013 at 04:10:34PM -0800, Christian Huitema wrote: > > That's certainly an argument. But then, there are design implications. > Consider the sites that do not have a valid certificate today. Is it because > they don't want to pay the CA, or is it because they don't want to bother > with certificate maintenance? If the argument is really about cost of > managing the certificate, expiry date, etc., then the opportunistic mode > should be truly "zero administration." Can we achieve that with short-lived > self-signed certificates? The reasons I have heard are: 1) Price - Basic Certificates are pretty cheap nowadays. - EV certs are expensive, but who need those surely can afford it. => Minor issue. 2) Maintenance - Generating CSRs - Installing certifificates. - Renewing before expiry. - Significant potential for software improvments. => Significant issue. 3) Performance - The startup overhead is significant. - But modern hardware is pretty much powerful enough. - HTTP/2 helps here (due to long-lived connections). => Minor issue in HTTP/2, might be issue in HTTP/1. 4) Mixed content - Not all external services are available over TLS. - Big issue for some sites (even quoted as THE showstopper). - Of course, some view those services as security problems in themselves (unwanted surveilance and possiblity of injecting hostile scripts). => Major issue. 5) URL schemes - Site might have http:// links to itself in the database (major issue for some types of sites). - Main blocker on at least one site I know. => Might be significant issue, depending on type of site. -Ilari
Received on Monday, 11 November 2013 00:54:27 UTC