W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Authentication over HTTP

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 15 Jul 2013 10:32:31 +0200
Cc: ietf-http-wg@w3.org
Message-Id: <20E2425E-2FD7-4435-9529-1C3FC001D495@bblfish.net>
To: M Stefan <mstefanro@gmail.com>

On 15 Jul 2013, at 01:15, M Stefan <mstefanro@gmail.com> wrote:

> 
> Nowadays, the only serious way of providing secure communications over
> HTTP is using HTTPS. Many web hosts are reluctant to using it because
> of the extra computational burden and the necessity of buying
> certificates. Some sites cannot afford being part of it or simply
> do not agree with the idea of paying a certificate authority money.

The problem of cost could be solved by deploying DANE in browsers
http://tools.ietf.org/html/rfc6698 
It would make the internet more secure all the way around.

Computational cost is no longer a problem. Google and Facebook provide
it with billions of connections a day.

Henry

Social Web Architect
http://bblfish.net/
Received on Monday, 15 July 2013 08:33:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC