Re: Draft finding - "Transitioning the Web to HTTPS"

Mainstream commercial providers like SSLs.com offer single-domain certs for
<$10/year, wild-card certs “*.w3.org” for <$100/year.  Up till now I
haven’t recommended the free services because the low commercial prices
actually pay for considerable documentation and reasonably slick UIs.
LetsEncrypt might change that.

But I really can’t take seriously the objection that cost is a serious
obstacle to widespread TLS deployment.

On Tue, Dec 9, 2014 at 8:24 PM, Marc Fawzi <marc.fawzi@gmail.com> wrote:

> Sorry didn't read the proposal but hopefully there is an "educational
> program" component. I for one had no clue about free certificates! I'm
> assuming a ton of web developers are in the dark about it, too. Thank you
> for the info.
>
> Sent from my iPhone
>
> > On Dec 9, 2014, at 7:42 PM, Chris Palmer <palmer@google.com> wrote:
> >
> >> On Tue, Dec 9, 2014 at 7:36 PM, Marc Fawzi <marc.fawzi@gmail.com>
> wrote:
> >>
> >> Anyway, as far as opinions go I think that APIs that only work on HTTPS
> but could in reality work on HTTP means that if some app wanted to use such
> API then it must purchase an SSL certificate (I think they still cost a lot
> of money) and incur extra cost in the cloud or data center.
> >
> > https://letsencrypt.org/
> > https://sslmate.com/
> > https://www.cloudflare.com/ssl
>
>


-- 
- Tim Bray (If you’d like to send me a private message, see
https://keybase.io/timbray)

Received on Wednesday, 10 December 2014 05:11:56 UTC