- From: Mike Belshe <mike@belshe.com>
- Date: Sun, 17 Nov 2013 14:25:02 -0800
- To: Bruce Perens <bruce@perens.com>
- Cc: httpbis mailing list <ietf-http-wg@w3.org>
Received on Sunday, 17 November 2013 22:25:30 UTC
On Sun, Nov 17, 2013 at 2:18 PM, Bruce Perens <bruce@perens.com> wrote: > On 11/17/2013 02:12 PM, Mike Belshe wrote: > > > There are a million apps in the app store, and every one of them had to > go get a cert and keep it up to date. Why is it harder for the > top-1million websites to do this? > > > There is an obvious difference between authentication and encryption for > the purpose of obscuring content. It is not necesary to encrypt in order to > authenticate, only to sign. > Certificates are for server authentication, which we then use to negotiate encryption. This is about server auth. But you took this in a different direction from Stephen's original question. He asked whether it was realistic to expect websties to all go get certificates. And I'm pointing out that Apple does exactly this for a very large population of developers. I believe wholeheartedly that if 1M app developers can figure out how to get and maintain a cert, so can 1M website creators. You have to admit that the top-1M websites and the top-1M apps have a very high overlap too. :-) Mike
Received on Sunday, 17 November 2013 22:25:30 UTC