W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

RE: Fwd: New Version Notification for draft-nottingham-http2-encryption-02.txt

From: Christian Huitema <huitema@huitema.net>
Date: Sat, 14 Dec 2013 23:16:55 -0800
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, '"William Chan (ι™ˆζ™Ίζ˜Œ)"' <willchan@chromium.org>, "'Paul Hoffman'" <paul.hoffman@gmail.com>
Cc: "'HTTP Working Group'" <ietf-http-wg@w3.org>
Message-ID: <003701cef965$a3de48b0$eb9ada10$@huitema.net>
> What that leaves unclear for me is how the current 30-40% of web
> sites that are setup for some form of TLS will suddenly become
> 99%. Without some other action on helping sites get certs, it
> just won't happen would be my prediction.

Either helping sites get certs, or adding support for self-signed certs. Maybe combine self-signed certs and pinning. Maybe use a naming convention, something like "www-selfsigned.example.com." Or maybe www-07FDAE37.example.com, where 07FDAE37 is some identifier of the self-signed cert. If the browsers knew to expect a self-signed cert, they would not have to put up the scary UI when they find one...

-- Christian Huitema
Received on Sunday, 15 December 2013 07:17:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC