On Friday, May 1, 2015 at 7:03:32 PM UTC+2, Adam Roach wrote: > On 5/1/15 05:03, Matthew Phillips wrote: > > All mandatory https will do is discourage people from participating in > > speech unless they can afford the very high costs (both in dollars and > > in time) that you are now suggesting be required. > > Let's be clear about the costs and effort involved. > > There are already several deployed CAs that issue certs for free. And > within a couple of months, it will take users two simple commands, zero > fiscal cost, and several tens of seconds to obtain and activate a cert: > > https://letsencrypt.org/howitworks/ > > There is great opportunity for you to update your knowledge about how > the the world of CAs has changed in the past decade. Seize it.
That's not how it works. That's how you and letsencrypt imagine it'll work. In reality, it's anybodies guess if that's even feasible (I don't think so, but I digress). Let's even assume that every shared host, CDN, etc. can use this (which they can't, because custom deployments, whatever), do you think the long-established SSL cert racket syndicate is going to take this lying down? Ok, so let's assume all the other pricey CAs are ok with this, magically, and aren't gonna torpedo truly free CAs with any lobbying dollar they can muster. What happens in the glorious future where the letsencrypt CA has attracted say, 90% of all certs (because, duh, free), and then they get PWNed? Ooops. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
