Re: Preparing to Publish HTTPS Finding

> On 21 Dec 2014, at 17:24, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
> 
> 
> 
> On 19 December 2014 at 21:07, Chris Palmer <palmer@google.com> wrote:
> On Fri, Dec 19, 2014 at 3:12 AM, Melvin Carvalho
> <melvincarvalho@gmail.com> wrote:
> 
> > However the cost of a wildcard HTTPS certificate is still prohibitive, if
> > you consider the budget of world population, or the long tail of
> > development, both of which tend to be under represented in TAG discussions.
> 
> Can you have some of those people subscribe to this list and post
> their stories? I'd be interested to see if we can help.
> 
> Perhaps what would help may be some research, and data points, regarding the cost of switching from HTTP to HTTPS.  
> 
> A useful exercise could be to imagine a world where, sometime in the future, every person would become a stakeholder in the web.  
> 
> Let's take India, which is on target to be the most populous country of the 21st century.  
> 
> "The annual median per capita [yearly] income in India stood at $616, the 99th position among 131 countries." [1] (Gallup Dec 2013)
> 
> So what's the cost of a wildcard SSL certificate (someone quoted $100 in a previous)?  Is it affordable?  
> 
> The finding says that HTTPS will only be needed for new features.  So, are we moving to a two-tier web, where some features are for everyone and some are for others?  
> 
> If so, maybe we should try and make a list of which features these are likely to be.  
> 
> During the Olympics timbl stated the web was "for everyone".  It would be inspiring if some on this list echoed that vision.
> 
> [1] http://www.business-standard.com/article/economy-policy/india-s-median-per-capita-income-lowest-among-brics-gallup-113121600968_1.html

Clearly growing https everywhere requires putting in place methods to allow 0$ certificates. This should be possible with
DANE https://tools.ietf.org/html/rfc6698 which puts the public key of the server in the DNS-SEC. 

All that is needed then is to develop simple protocols to make it extremely easy to set up servers that tie into the DNS.

If the draft finding can encourage vendors to move to that or a similar standard, that would answer your questions, no?

Henry

Social Web Architect
http://bblfish.net/

Received on Sunday, 21 December 2014 18:07:07 UTC
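
Added example, not part of the message above or of the list archive: a sketch of the RFC 6698 mechanism the reply refers to, building a TLSA record from a server's public key and checking a presented key against it. The key bytes and host name are constructed samples, the function names are hypothetical, and it assumes the record was obtained through a DNSSEC-validating resolver (no DNS lookup is performed here).

```python
import hashlib
import hmac

# Constructed sample: DER SubjectPublicKeyInfo for an Ed25519 key
# (RFC 8410 header + 32 made-up key bytes). Not a real server key.
ED25519_SPKI_HEADER = bytes.fromhex("302a300506032b6570032100")
SAMPLE_SPKI = ED25519_SPKI_HEADER + bytes(range(32))
OTHER_SPKI = ED25519_SPKI_HEADER + bytes(range(1, 33))

# RFC 6698 matching types: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
MATCHING = {
    0: lambda der: der,
    1: lambda der: hashlib.sha256(der).digest(),
    2: lambda der: hashlib.sha512(der).digest(),
}

def tlsa_owner(host, port=443, proto="tcp"):
    """Owner name under which the TLSA record is published."""
    return f"_{port}._{proto}.{host.rstrip('.')}."

def make_tlsa(spki_der, usage=3, mtype=1):
    """RDATA for selector 1 (SubjectPublicKeyInfo); usage 3 is DANE-EE."""
    return f"{usage} 1 {mtype} {MATCHING[mtype](spki_der).hex()}"

def parse_tlsa(rdata):
    usage, selector, mtype, *hex_parts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hex_parts))

def spki_matches(rdata, presented_spki_der):
    """True if the key the server presented matches the TLSA record.

    Only usage 3 / selector 1 is handled: the other usages also need
    certificate chain validation, which this sketch does not do.
    """
    usage, selector, mtype, assoc = parse_tlsa(rdata)
    if usage != 3 or selector != 1 or mtype not in MATCHING:
        return False
    return hmac.compare_digest(MATCHING[mtype](presented_spki_der), assoc)

if __name__ == "__main__":
    record = make_tlsa(SAMPLE_SPKI)
    print(tlsa_owner("www.example.com"), "IN TLSA", record)
    print("same key:", spki_matches(record, SAMPLE_SPKI))
    print("different key:", spki_matches(record, OTHER_SPKI))
```

Because the record pins the key itself, rotating the server key means publishing the new TLSA record before the new key goes into service.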