> >> On Jan 27, 2016, at 7:32 AM, Trygve Inda <cocoa...@xericdesign.com> wrote: >> >> It is basically a cost issue. It is expensive to set up SSL certificates on >> 8 different servers... It would cost us about $700/yr > > Sounds like you’re being overcharged. SSL on hosted domains used to be pricey > (partly due to the CPU overhead of the encryption) but hosts like Dreamhost > are now offering it as a free add-on. And Let’s Encrypt makes getting and > maintaining a cert free and fairly easy.
This is from Pair Networks for an SSL certificate with subdomains. https://www.pair.com/services/pairssl/ > This is kind of like living in a small town that’s now grown into a big city, > and still refusing to lock your doors at night. :) > The site may have been fine so far, but the world around it is changing. Both > attacks against and surveillance of cleartext connections are increasing, and > there’s a growing consensus that unencrypted HTTP should be deprecated. > Apple’s ATS is a sign of that. > https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ > https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure > I think it’s pretty likely that, within a year or so, users of your website or > app* are going to be seeing scary security warnings in their browser or mobile > device unless you move to HTTPS. You could be right. I fail to see why downloading a simple image needs to be done securely. It is not transmitting anything financial or sensitive. T. _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com