Hi -

On Fri, Nov 21, 2014 at 5:41 AM, Henri Sivonen <hsivo...@hsivonen.fi> wrote:

>
> Indeed. Huge thanks to everyone who is making Let's Encrypt happen.
>
> > regulatory compliance,
>
> What's this about?
>

nosslsearch.google.com is an example of the weight of regulatory compliance
in action. Google talks loudly about all https (and has the leading track
record), yet there it is. And Google isn't special in that regard.


>
> > CA-risk,
>
> I.e. Let's Encrypt going away somehow?
>

More generally being dependent on a CA is an additional third party
operational risk when comparing http:// vs https://.. you're already
dependent on your DNS provider and an ISP and now your fate is also linked
to the CA that signed your cert too. e.g. at the most basic level not
revoking it on you - but also not doing something dumb unrelated to you
that gets the signing cert your CA used tossed out of UAs (again).


>
> > non-access to webpki.
>
> Does this mean intranets?


mostly.. but more generally things that don't bind well to the global DNS
that the webpki relies on.. so potentially peer to peer and mesh
interactions too..
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
