W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: something I don't get about the current plan...

From: Mike Belshe <mike@belshe.com>
Date: Sun, 17 Nov 2013 14:25:02 -0800
Message-ID: <CABaLYCtS1dYNLjhj4Jok1Tm2hfn7Uwojtanj6+7mDC=0yvY8tg@mail.gmail.com>
To: Bruce Perens <bruce@perens.com>
Cc: httpbis mailing list <ietf-http-wg@w3.org>
On Sun, Nov 17, 2013 at 2:18 PM, Bruce Perens <bruce@perens.com> wrote:

>  On 11/17/2013 02:12 PM, Mike Belshe wrote:
>
>
>  There are a million apps in the app store, and every one of them had to
> go get a cert and keep it up to date.  Why is it harder for the
> top-1million websites to do this?
>
>
> There is an obvious difference between authentication and encryption for
> the purpose of obscuring content. It is not necesary to encrypt in order to
> authenticate, only to sign.
>

Certificates are for server authentication, which we then use to negotiate
encryption.  This is about server auth.

But you took this in a different direction from Stephen's original
question.  He asked whether it was realistic to expect websties to all go
get certificates.

And I'm pointing out that Apple does exactly this for a very large
population of developers.   I believe wholeheartedly that if 1M app
developers can figure out how to get and maintain a cert, so can 1M website
creators.  You have to admit that the top-1M websites and the top-1M apps
have a very high overlap too. :-)

Mike
Received on Sunday, 17 November 2013 22:25:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC