- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Sun, 15 Dec 2013 23:24:10 +0000
- To: Brian Smith <brian@briansmith.org>
- CC: "William Chan (ιζΊζ)" <willchan@chromium.org>, Paul Hoffman <paul.hoffman@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 12/14/2013 08:40 PM, Brian Smith wrote: > There are already at least three commercial CAs, that browsers trust, that > give away free certificates: StartCom (restricted to non-business use), > GlobalSign (restricted to open source projects), and GoDaddy (restricted to > open source projects). One problem with that is that startcom is only free for 2nd level domains (iirc). For those its great and I've used it and would recommend it - once I had mail setup for the domain it only took 20 minutes to get all the cert stuff sorted. Having said that, I've no idea how secure any of their stuff is, but for a case where all I want is to get rid of the stupid cert warning dialog, what they do is just fine. But, AFAIK, there's nothing I can get for e.g. my server at https://down.dsg.cs.tcd.ie/ Now in theory I could get something done via tcd.ie but that's in fact not possible due to our fun central university IT folks (same old story:-) and the way that the cs n/w in college is autonomous from the rest of tcd.ie. Now that's all very specific to my server, but I think its (only 2nd level domains) likely just one of the gaps between that 30-40% and the 99% goal. Separately, I'm not sure I buy the just-use-1.1 argument that Tim made, there's no reason why this particular problem is different in that respect. So I don't see why just-use-1.1 is a good answer here unless its a good answer everywhere, which doesn't seem to be the case. But yes, work in this space would be great. Doesn't seem to be happening yet though. So colour me skeptical for now at least. S.
Received on Sunday, 15 December 2013 23:24:35 UTC