W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Re: Draft finding - "Transitioning the Web to HTTPS"

From: Marc Fawzi <marc.fawzi@gmail.com>
Date: Fri, 12 Dec 2014 19:47:46 -0800
Message-Id: <10DF3E73-F924-4732-B6DB-9A53CFDF7564@gmail.com>
Cc: Paul Libbrecht <paul@hoplahup.net>, Melvin Carvalho <melvincarvalho@gmail.com>, Tim Bray <tbray@textuality.com>, Chris Palmer <palmer@google.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, Mark Nottingham <mnot@mnot.net>, Noah Mendelsohn <nrm@arcanedomain.com>, "www-tag@w3.org List" <www-tag@w3.org>
To: Anne van Kesteren <annevk@annevk.nl>
Not an argument against https-everything but would anyone say that the web could have been taken into another more interesting direction with "built in" Web Crypto-based request encryption (built in means not downloaded as a script but built into the browser) and web servers that encrypt the response using the user's public key. Why would we need a centralized certificate authority? Why do we assign the authority to a 3rd party? If my browser can detect the sever's capability, gets it's public key and automatically encrypts every request I send to it then what would be the reason for having a certificate authority? 

Sent from my iPhone

> On Dec 12, 2014, at 1:59 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> On Fri, Dec 12, 2014 at 9:55 PM, Paul Libbrecht <paul@hoplahup.net> wrote:
>> But not UI has appeared doing that.
> I'm hopeful for https://letsencrypt.org/ to make this easy over time
> (and eventually simply the default with shared hosting setups). Until
> then dealing with the UI mess that is StartSSL or paying a bit for
> SSLMate is the way to go.
> -- 
> https://annevankesteren.nl/
Received on Saturday, 13 December 2014 03:48:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:08 UTC