- From: Peter Saint-Andre <stpeter@stpeter.im>
- Date: Mon, 26 Mar 2012 11:03:30 +0200
- To: "Adrien W. de Croy" <adrien@qbik.com>
- CC: Mike Belshe <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, patrick mcmanus <pmcmanus@mozilla.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 3/26/12 10:56 AM, Adrien W. de Croy wrote: >> From a practical point of view, there aren't a lot of >> alternatives to SSL on the table right now. Most people do agree >> that SSL does a reasonable job of preventing eavesdropping. > > I can see a lot of resistance from customers told they now need to > buy and maintain a certificate from a CA just to run a webserver. > > Sure they can run a self-signed cert, but that doesn't fulfil the > goal of giving the user security. Could we cut the FUD about needing to pay for certs? There are indeed providers of free certificates (I won't mention names for fear of being tarred with a marketing brush). And SSL/TLS is not *necessarily* tied to PKI, either. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9wMOIACgkQNL8k5A2w/vzHhwCglS0mTAc8vmtaTELnJXtsiDXt GwYAnjO/WlyYE+PCs1SgPVB+19Aav0y6 =cS8p -----END PGP SIGNATURE-----
Received on Monday, 26 March 2012 09:04:05 UTC