- From: Peter Saint-Andre <stpeter@stpeter.im>
- Date: Mon, 26 Mar 2012 13:42:33 +0200
- To: Ross Nicoll <jrn@jrn.me.uk>
- CC: "Adrien W. de Croy" <adrien@qbik.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 3/26/12 1:41 PM, Ross Nicoll wrote: > > On 26/03/2012 10:22, "Adrien W. de Croy" <adrien@qbik.com> wrote: > >> >> ------ Original Message ------ From: "Peter Saint-Andre" >> <stpeter@stpeter.im> To: "Adrien W. de Croy" <adrien@qbik.com> >> Cc: "Mike Belshe" <mike@belshe.com>;"Roy T. Fielding" >> <fielding@gbiv.com>;"patrick mcmanus" >> <pmcmanus@mozilla.com>;"ietf-http-wg@w3.org" >> <ietf-http-wg@w3.org> Sent: 26/03/2012 10:03:30 p.m. Subject: Re: >> SPDY = HTTP/2.0 or not ? >> >>> Could we cut the FUD about needing to pay for certs? There are >>> indeed providers of free certificates (I won't mention names >>> for fear of being tarred with a marketing brush). >>> >> >> providers of free certs who >> >> a) verify the identity of the entity they issue the certificate >> to b) have a root cert that's sufficiently well deployed and >> trusted to be usable >> >> ? I'd be keen to know more. >> >> if not a (which is incompatible with free) then is it really >> security? > > I've used StartSSL ( http://www.startssl.com/?app=1 ) as a "better > than nothing" option for budget-less projects, before. Their > certificates seem fairly widely deployed (we certainly never had an > issue with it). As I said, check the cert at https://stpeter.im/ ;-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9wVikACgkQNL8k5A2w/vzXDACgtCi2ydYCJC04p59DlhGA+M9j RUoAoKXnQzcKMiyyYhdyHvTiI3qKt6Bw =DJN7 -----END PGP SIGNATURE-----
Received on Monday, 26 March 2012 11:43:06 UTC