On Wed, Nov 19, 2014 at 4:50 PM, Patrick McManus <mcma...@ducksong.com> wrote: > On Wed, Nov 19, 2014 at 1:45 AM, Henri Sivonen <hsivo...@hsivonen.fi> wrote: >> >> >> Does Akamai's logo appearing on the Let's Encrypt announcements change >> Akamai's need for OE? (Seems *really* weird if not.) > > > let's encrypt is awesome - more https is awesome.
Indeed. Huge thanks to everyone who is making Let's Encrypt happen. > regulatory compliance, What's this about? > CA-risk, I.e. Let's Encrypt going away somehow? > non-access to webpki. Does this mean intranets? > A hosting or CDN provider doesn't control all of those things - especially > the legacy and mixed content. Yes, OE definitely allows CDNs and hosting providers to make things better without getting their customers to take action. But the customers feeling they don't need to take action is the problem I'm worried about. > There are basically 2 arguments against OE here: 1] you don't need OE > because everyone can run https and 2] OE somehow undermines https > > I don't buy them because [1] remains a substantial body of data and [2] is > unsubstantiated speculation and borders on untested FUD. Of course [2] is speculation. The notion that OE wouldn't harm the adoption of https is speculation, too. Both are fundamentally about guessing how the future would go in different circumstances without a way, in the future, to check how things had gone differently with the other option. However, it seems reasonable and believable that shortening the perceived distance between what you get with http URLs and what you get with https URLs makes some set of admins feel less urgency to move from http URLs to https URLs, so I think it's rather an exaggeration to call it FUD. It would be remarkably counterintuitive if OE didn't take away some of the momentum of https (at least if OE was adopted broadly by browsers). -- Henri Sivonen hsivo...@hsivonen.fi https://hsivonen.fi/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
