Re: Rough minutes

On Sun, Nov 10, 2013 at 04:10:34PM -0800, Christian Huitema wrote:
> That's certainly an argument. But then, there are design implications.
> Consider the sites that do not have a valid certificate today. Is it because
> they don't want to pay the CA, or is it because they don't want to bother
> with certificate maintenance? If the argument is really about cost of
> managing the certificate, expiry date, etc., then the opportunistic mode
> should be truly "zero administration." Can we achieve that with short-lived
> self-signed certificates?

The reasons I have heard are:
1) Price

- Basic Certificates are pretty cheap nowadays.
- EV certs are expensive, but who need those surely can afford it.

=> Minor issue.

2) Maintenance

- Generating CSRs
- Installing certifificates.
- Renewing before expiry.
- Significant potential for software improvments.

=> Significant issue.

3) Performance

- The startup overhead is significant.
- But modern hardware is pretty much powerful enough.
- HTTP/2 helps here (due to long-lived connections).

=> Minor issue in HTTP/2, might be issue in HTTP/1.

4) Mixed content

- Not all external services are available over TLS.
- Big issue for some sites (even quoted as THE showstopper).
- Of course, some view those services as security problems in
themselves (unwanted surveilance and possiblity of injecting
hostile scripts).

=> Major issue.

5) URL schemes

- Site might have http:// links to itself in the database
(major issue for some types of sites).
- Main blocker on at least one site I know.

=> Might be significant issue, depending on type of site.


Received on Monday, 11 November 2013 00:54:27 UTC