W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-02.txt

From: Martin J. Dürst <duerst@it.aoyama.ac.jp>
Date: Wed, 18 Dec 2013 17:11:26 +0900
Message-ID: <52B158AE.4010501@it.aoyama.ac.jp>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: Brian Smith <brian@briansmith.org>, "William Chan (陈智昌)" <willchan@chromium.org>, Paul Hoffman <paul.hoffman@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 2013/12/16 8:24, Stephen Farrell wrote:

> One problem with that is that startcom is only free for 2nd level
> domains (iirc). For those its great and I've used it and would
> recommend it - once I had mail setup for the domain it only took
> 20 minutes to get all the cert stuff sorted. Having said that,
> I've no idea how secure any of their stuff is, but for a case
> where all I want is to get rid of the stupid cert warning dialog,
> what they do is just fine.
>
> But, AFAIK, there's nothing I can get for e.g. my server at
> https://down.dsg.cs.tcd.ie/ Now in theory I could get something
> done via tcd.ie but that's in fact not possible due to our fun
> central university IT folks (same old story:-) and the way that
> the cs n/w in college is autonomous from the rest of tcd.ie.

Hello Stephen,

Thanks for the heads-up! I was occasionally day-dreaming about getting a 
free certificate for my site. But I'm in exactly the same situation as 
you (five levels deep, central university IT,...). On top of that, I 
have organized my stuff so that I use different domains for different 
services, which as I understand means I need multiple certs. But maybe 
some day I'll try with self-signed ones, especially for the 
student-oriented services, because I could tell my students how to check 
that they get the right cert.

Regards,   Martin.

> Now that's all very specific to my server, but I think its (only
> 2nd level domains) likely just one of the gaps between that 30-40%
> and the 99% goal.
>
> Separately, I'm not sure I buy the just-use-1.1 argument that Tim
> made, there's no reason why this particular problem is different
> in that respect. So I don't see why just-use-1.1 is a good answer
> here unless its a good answer everywhere, which doesn't seem to
> be the case.
>
> But yes, work in this space would be great. Doesn't seem to
> be happening yet though. So colour me skeptical for now at least.
>
> S.
>
>
>
Received on Wednesday, 18 December 2013 08:13:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC