- From: Marc Fawzi <marc.fawzi@gmail.com>
- Date: Fri, 12 Dec 2014 19:47:46 -0800
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Paul Libbrecht <paul@hoplahup.net>, Melvin Carvalho <melvincarvalho@gmail.com>, Tim Bray <tbray@textuality.com>, Chris Palmer <palmer@google.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, Mark Nottingham <mnot@mnot.net>, Noah Mendelsohn <nrm@arcanedomain.com>, "www-tag@w3.org List" <www-tag@w3.org>
Not an argument against https-everything but would anyone say that the web could have been taken into another more interesting direction with "built in" Web Crypto-based request encryption (built in means not downloaded as a script but built into the browser) and web servers that encrypt the response using the user's public key. Why would we need a centralized certificate authority? Why do we assign the authority to a 3rd party? If my browser can detect the sever's capability, gets it's public key and automatically encrypts every request I send to it then what would be the reason for having a certificate authority? Sent from my iPhone > On Dec 12, 2014, at 1:59 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > >> On Fri, Dec 12, 2014 at 9:55 PM, Paul Libbrecht <paul@hoplahup.net> wrote: >> But not UI has appeared doing that. > > I'm hopeful for https://letsencrypt.org/ to make this easy over time > (and eventually simply the default with shared hosting setups). Until > then dealing with the UI mess that is StartSSL or paying a bit for > SSLMate is the way to go. > > > -- > https://annevankesteren.nl/
Received on Saturday, 13 December 2014 03:48:21 UTC