W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Re: Draft finding - "Transitioning the Web to HTTPS"

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 10 Dec 2014 10:48:30 +0100
Message-ID: <CAKaEYh+Bzxn4uZ=0EHCMze-89Dr8COCqb5wB88FnNbQTgsa4Sg@mail.gmail.com>
To: Tim Bray <tbray@textuality.com>
Cc: Marc Fawzi <marc.fawzi@gmail.com>, Chris Palmer <palmer@google.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, Mark Nottingham <mnot@mnot.net>, Noah Mendelsohn <nrm@arcanedomain.com>, "www-tag@w3.org List" <www-tag@w3.org>
On 10 December 2014 at 06:11, Tim Bray <tbray@textuality.com> wrote:

> Mainstream commercial providers like SSLs.com offer single-domain certs
> for <$10/year, wild-card certs “*.w3.org” for <$100/year.  Up till now I
> haven’t recommended the free services because the low commercial prices
> actually pay for considerable documentation and reasonably slick UIs.
> LetsEncrypt might change that.
>
> But I really can’t take seriously the objection that cost is a serious
> obstacle to widespread TLS deployment.
>

Thanks for the data point. Those prices are certainly competitive.

It's easy, and perhaps understandable, to feel the cost/effort of TLS
deployment is not an obstacle.  And in many cases it is not.

However, as the web rolls out to the while planet, it may be less
affordable to the long tail.  In some cases it may make the difference
between a successful hobby project or not. Let's not forget that he web
itself started as a hobby project :)


>
> On Tue, Dec 9, 2014 at 8:24 PM, Marc Fawzi <marc.fawzi@gmail.com> wrote:
>
>> Sorry didn't read the proposal but hopefully there is an "educational
>> program" component. I for one had no clue about free certificates! I'm
>> assuming a ton of web developers are in the dark about it, too. Thank you
>> for the info.
>>
>> Sent from my iPhone
>>
>> > On Dec 9, 2014, at 7:42 PM, Chris Palmer <palmer@google.com> wrote:
>> >
>> >> On Tue, Dec 9, 2014 at 7:36 PM, Marc Fawzi <marc.fawzi@gmail.com>
>> wrote:
>> >>
>> >> Anyway, as far as opinions go I think that APIs that only work on
>> HTTPS but could in reality work on HTTP means that if some app wanted to
>> use such API then it must purchase an SSL certificate (I think they still
>> cost a lot of money) and incur extra cost in the cloud or data center.
>> >
>> > https://letsencrypt.org/
>> > https://sslmate.com/
>> > https://www.cloudflare.com/ssl
>>
>>
>
>
> --
> - Tim Bray (If you’d like to send me a private message, see
> https://keybase.io/timbray)
>
Received on Wednesday, 10 December 2014 09:48:59 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:08 UTC