Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-02.txt

On 12/14/2013 08:40 PM, Brian Smith wrote:
> There are already at least three commercial CAs, that browsers trust, that
> give away free certificates: StartCom (restricted to non-business use),
> GlobalSign (restricted to open source projects), and GoDaddy (restricted to
> open source projects).

One problem with that is that startcom is only free for 2nd level
domains (iirc). For those its great and I've used it and would
recommend it - once I had mail setup for the domain it only took
20 minutes to get all the cert stuff sorted. Having said that,
I've no idea how secure any of their stuff is, but for a case
where all I want is to get rid of the stupid cert warning dialog,
what they do is just fine.

But, AFAIK, there's nothing I can get for e.g. my server at Now in theory I could get something
done via but that's in fact not possible due to our fun
central university IT folks (same old story:-) and the way that
the cs n/w in college is autonomous from the rest of

Now that's all very specific to my server, but I think its (only
2nd level domains) likely just one of the gaps between that 30-40%
and the 99% goal.

Separately, I'm not sure I buy the just-use-1.1 argument that Tim
made, there's no reason why this particular problem is different
in that respect. So I don't see why just-use-1.1 is a good answer
here unless its a good answer everywhere, which doesn't seem to
be the case.

But yes, work in this space would be great. Doesn't seem to
be happening yet though. So colour me skeptical for now at least.


Received on Sunday, 15 December 2013 23:24:35 UTC