Mainstream commercial providers like SSLs.com offer single-domain certs for <$10/year, wild-card certs “*.w3.org” for <$100/year. Up till now I haven’t recommended the free services because the low commercial prices actually pay for considerable documentation and reasonably slick UIs. LetsEncrypt might change that. But I really can’t take seriously the objection that cost is a serious obstacle to widespread TLS deployment. On Tue, Dec 9, 2014 at 8:24 PM, Marc Fawzi <marc.fawzi@gmail.com> wrote: > Sorry didn't read the proposal but hopefully there is an "educational > program" component. I for one had no clue about free certificates! I'm > assuming a ton of web developers are in the dark about it, too. Thank you > for the info. > > Sent from my iPhone > > > On Dec 9, 2014, at 7:42 PM, Chris Palmer <palmer@google.com> wrote: > > > >> On Tue, Dec 9, 2014 at 7:36 PM, Marc Fawzi <marc.fawzi@gmail.com> > wrote: > >> > >> Anyway, as far as opinions go I think that APIs that only work on HTTPS > but could in reality work on HTTP means that if some app wanted to use such > API then it must purchase an SSL certificate (I think they still cost a lot > of money) and incur extra cost in the cloud or data center. > > > > https://letsencrypt.org/ > > https://sslmate.com/ > > https://www.cloudflare.com/ssl > > -- - Tim Bray (If you’d like to send me a private message, see https://keybase.io/timbray)
Received on Wednesday, 10 December 2014 05:11:56 UTC