- From: Ross Nicoll <jrn@jrn.me.uk>
- Date: Mon, 26 Mar 2012 12:41:16 +0100
- To: "Adrien W. de Croy" <adrien@qbik.com>, Peter Saint-Andre <stpeter@stpeter.im>
- CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 26/03/2012 10:22, "Adrien W. de Croy" <adrien@qbik.com> wrote: > >------ Original Message ------ >From: "Peter Saint-Andre" <stpeter@stpeter.im> >To: "Adrien W. de Croy" <adrien@qbik.com> >Cc: "Mike Belshe" <mike@belshe.com>;"Roy T. Fielding" ><fielding@gbiv.com>;"patrick mcmanus" ><pmcmanus@mozilla.com>;"ietf-http-wg@w3.org" <ietf-http-wg@w3.org> >Sent: 26/03/2012 10:03:30 p.m. >Subject: Re: SPDY = HTTP/2.0 or not ? > >>Could we cut the FUD about needing to pay for certs? There are indeed >>providers of free certificates (I won't mention names for fear of >>being tarred with a marketing brush). >> > >providers of free certs who > >a) verify the identity of the entity they issue the certificate to >b) have a root cert that's sufficiently well deployed and trusted to be >usable > >? I'd be keen to know more. > >if not a (which is incompatible with free) then is it really security? I've used StartSSL ( http://www.startssl.com/?app=1 ) as a "better than nothing" option for budget-less projects, before. Their certificates seem fairly widely deployed (we certainly never had an issue with it).
Received on Monday, 26 March 2012 11:41:50 UTC