W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: something I don't get about the current plan...

From: David Morris <dwm@xpasc.com>
Date: Mon, 18 Nov 2013 11:41:08 -0800 (PST)
To: httpbis mailing list <ietf-http-wg@w3.org>
Message-ID: <alpine.LRH.2.01.1311181122280.15428@egate.xpasc.com>


On Sun, 17 Nov 2013, Mike Belshe wrote:

> And I'm pointing out that Apple does exactly this for a very large
> population of developers.   I believe wholeheartedly that if 1M app
> developers can figure out how to get and maintain a cert, so can 1M website
> creators.  You have to admit that the top-1M websites and the top-1M apps
> have a very high overlap too. :-)

I've done both ... iOS developement for multiple entities and obtained and
installed certificates for commercial web sites, company web mail, etc.
I've also gone though the Microsoft code signing process setup.

There are several flaws in any attempt to use Apple's certification
process to support assertions about the ease of obtaining and installing
web server certificates:

a) The Apple process uses a tool and service chain from a single
   vendor and depends on Apple root certificates. Even then it isn't
   trivial. And it gets difficult if the individual has roles involving
   multiple legal entities.

b) I've followed the Apple iOS lists and certificate issues have gotten
   an inordinate amount attention from the difficulties developers have.
   So even with the amount of control Apple has over the process, it
   is difficult.

c) Certificates are relatively expensive. I've supported web sites where
   the whole annual budget was $300. I just handled a certificate renewal
   where the charge was $400 for a 1 year renewal. Cheaper certificates
   are available, but installation then becomes more complex because an
   intermediate certificate is required.

d) iOS developers are probabaly significantly more competent than the
   vast majority of web server administrators. No way are iOS developers
   representative of the technical skill of web server administrators.
Received on Monday, 18 November 2013 19:41:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC