[Cryptography] HTTP should be deprecated.

Peter Saint-Andre stpeter at stpeter.im
Mon Nov 4 20:00:56 EST 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/4/13 4:58 PM, Theodore Ts'o wrote:
> On Mon, Nov 04, 2013 at 02:01:15PM -0500, Eric Mill wrote:
>> 
>> But I'm also very pro-"it should be easy to publish things on
>> the Internet", and key management *is* a pain in the ass.
>> Requiring it Internet-wide would raise the barrier for people new
>> to web publishing to get started, and/or make more people just
>> use a *.wordpress.com or *. whatever.com domain, rather than
>> bother getting their own.
> 
> I'm in the anti-"pay CA's for their crappy job" school.  So my web 
> site uses a CACert certificate, which most browsers don't accept, 
> which is why I default to http.  If people want to access my web
> site via https, they certainly can --- and that I's how I access it
> when I need to send my password to the administrative interface for
> my site. I just don't force via a redirect that users use https for
> thunk.org.
> 
> If deprecating http means that I have to pay $$$ to Verisign or 
> GoDaddy, I'm personally not excited about funding elephant hunters
> or a company that is probably deep in the pockets of the US
> Government.

There are lots of CA options out there, some of them free as in beer
(e.g., StartSSL) even if not free as in speech (e.g., CAcert).

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSeENIAAoJEOoGpJErxa2pXJUQAK3gEoMZ6hTXaV13XOjqKtqv
w3XwBzB2jfNzlwVWex7KT/cJHBll2xKIbTnpBbKwsI4X6LpV2n2U3Mhqujir+BhB
EY0GbX0TLTVXPpzodDcHfoDtfK3aXQgC3jDSWBtdYPjo0rFCfigAE6GIQG4c0RDl
LA12pVJY+YnaxO6oNl7vbrUix6RLvI4rgI8vyyvizQ8p8iqNITvxkhu9hCnpLauB
k5DIBgaH3+6CGvafztoL5LLSWuVFOrVs3snVxPpC14A4lH1RIIXYjsUx+hlml0ch
9gKk2wxzpu4MEw572sK7RJUZj1d0dneTvQG+Ju5qSkkwjTdL3h8SHcPpp0o5klxE
laEp1nWZbJ3QcbxTViBvTRM6oPXnM1cZDQnrKn4maz4S8b2Cl2Q6qkc3iv0pJJs3
9ErPvIa8HndSb+5D8gNTmDc8L5qhmTHTpjBld354BMtNsMYt1rOuVPgt/Z53jsYZ
dumRTeDVk0uE5aZ6itjk8zGIs5wUb0Eo7oduw7VVTG0Q0OsWYFQB2omm84F0hOB0
fnpAxVYGUMRdh1PEYRoH8Gu7INFTRXzKLmRdm7KYMn/hTY1MOYmouz+YbOzjGXCo
IeGIH7XB+Q/ARoC4LXfp12H8NdZOFkHo66unMIGZiDDfEshdzHw6O+0Jii09Ba7Z
3WGBCTw/Z3l2NKN6m9Bz
=cSp0
-----END PGP SIGNATURE-----

More information about the cryptography mailing list