- From: David Morris <dwm@xpasc.com>
- Date: Mon, 18 Nov 2013 11:41:08 -0800 (PST)
- To: httpbis mailing list <ietf-http-wg@w3.org>
On Sun, 17 Nov 2013, Mike Belshe wrote:

> And I'm pointing out that Apple does exactly this for a very large
> population of developers. I believe wholeheartedly that if 1M app
> developers can figure out how to get and maintain a cert, so can 1M website
> creators. You have to admit that the top-1M websites and the top-1M apps
> have a very high overlap too. :-)

I've done both ... iOS development for multiple entities and obtained and installed certificates for commercial web sites, company web mail, etc. I've also gone through the Microsoft code signing process setup.

There are several flaws in any attempt to use Apple's certification process to support assertions about the ease of obtaining and installing web server certificates:

a) The Apple process uses a tool and service chain from a single vendor and depends on Apple root certificates. Even then it isn't trivial. And it gets difficult if the individual has roles involving multiple legal entities.

b) I've followed the Apple iOS lists and certificate issues have gotten an inordinate amount of attention from the difficulties developers have. So even with the amount of control Apple has over the process, it is difficult.

c) Certificates are relatively expensive. I've supported web sites where the whole annual budget was $300. I just handled a certificate renewal where the charge was $400 for a 1 year renewal. Cheaper certificates are available, but installation then becomes more complex because an intermediate certificate is required.

d) iOS developers are probably significantly more competent than the vast majority of web server administrators. No way are iOS developers representative of the technical skill of web server administrators.
Received on Monday, 18 November 2013 19:41:37 UTC