- From: Adrien W. de Croy <adrien@qbik.com>
- Date: Mon, 26 Mar 2012 09:22:03 +0000
- To: "Peter Saint-Andre" <stpeter@stpeter.im>
- Cc: "Mike Belshe" <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, "patrick mcmanus" <pmcmanus@mozilla.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
------ Original Message ------ From: "Peter Saint-Andre" <stpeter@stpeter.im> To: "Adrien W. de Croy" <adrien@qbik.com> Cc: "Mike Belshe" <mike@belshe.com>;"Roy T. Fielding" <fielding@gbiv.com>;"patrick mcmanus" <pmcmanus@mozilla.com>;"ietf-http-wg@w3.org" <ietf-http-wg@w3.org> Sent: 26/03/2012 10:03:30 p.m. Subject: Re: SPDY = HTTP/2.0 or not ? >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On 3/26/12 10:56 AM, Adrien W. de Croy wrote: > > >>> >>>From a practical point of view, there aren't a lot of >>>alternatives to SSL on the table right now. Most people do agree >>>that SSL does a reasonable job of preventing eavesdropping. >>> >> >> >>I can see a lot of resistance from customers told they now need to >>buy and maintain a certificate from a CA just to run a webserver. >> >>Sure they can run a self-signed cert, but that doesn't fulfil the >>goal of giving the user security. >> > > >Could we cut the FUD about needing to pay for certs? There are indeed >providers of free certificates (I won't mention names for fear of >being tarred with a marketing brush). > providers of free certs who a) verify the identity of the entity they issue the certificate to b) have a root cert that's sufficiently well deployed and trusted to be usable ? I'd be keen to know more. if not a (which is incompatible with free) then is it really security? > > >And SSL/TLS is not *necessarily* tied to PKI, either. > OK. so no private key? Just some shared secret then? >From memory it's fairly painful to get SSL working in a web server. Do we really wish to inflict that pain mandatorily on every web server operator? > > >Peter > >- -- >Peter Saint-Andre >https://stpeter.im/ > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.8 (Darwin) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > >iEYEARECAAYFAk9wMOIACgkQNL8k5A2w/vzHhwCglS0mTAc8vmtaTELnJXtsiDXt >GwYAnjO/WlyYE+PCs1SgPVB+19Aav0y6 >=cS8p >-----END PGP SIGNATURE----- > > >
Received on Monday, 26 March 2012 09:22:31 UTC