Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-02.txt

"Martin J. Dürst" <duerst@it.aoyama.ac.jp> Wed, 18 December 2013 08:15 UTC

Message-ID: <52B158AE.4010501@it.aoyama.ac.jp>
Date: Wed, 18 Dec 2013 17:11:26 +0900
From: "\"Martin J. Dürst\"" <duerst@it.aoyama.ac.jp>
Organization: Aoyama Gakuin University
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: Brian Smith <brian@briansmith.org>, "\"William Chan (陈 智昌)\"" <willchan@chromium.org>, Paul Hoffman <paul.hoffman@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
In-Reply-To: <52AE3A1A.3080903@cs.tcd.ie>
Archived-At: <http://www.w3.org/mid/52B158AE.4010501@it.aoyama.ac.jp>

On 2013/12/16 8:24, Stephen Farrell wrote:

> One problem with that is that startcom is only free for 2nd level
> domains (iirc). For those it's great and I've used it and would
> recommend it - once I had mail set up for the domain it only took
> 20 minutes to get all the cert stuff sorted. Having said that,
> I've no idea how secure any of their stuff is, but for a case
> where all I want is to get rid of the stupid cert warning dialog,
> what they do is just fine.
>
> But, AFAIK, there's nothing I can get for e.g. my server at
> https://down.dsg.cs.tcd.ie/ Now in theory I could get something
> done via tcd.ie but that's in fact not possible due to our fun
> central university IT folks (same old story:-) and the way that
> the cs n/w in college is autonomous from the rest of tcd.ie.

Hello Stephen,

Thanks for the heads-up! I was occasionally day-dreaming about getting a 
free certificate for my site. But I'm in exactly the same situation as 
you (five levels deep, central university IT,...). On top of that, I 
have organized my stuff so that I use different domains for different 
services, which as I understand means I need multiple certs. But maybe 
some day I'll try with self-signed ones, especially for the 
student-oriented services, because I could tell my students how to check 
that they get the right cert.

Regards,   Martin.

> Now that's all very specific to my server, but I think it's (only
> 2nd level domains) likely just one of the gaps between that 30-40%
> and the 99% goal.
>
> Separately, I'm not sure I buy the just-use-1.1 argument that Tim
> made, there's no reason why this particular problem is different
> in that respect. So I don't see why just-use-1.1 is a good answer
> here unless it's a good answer everywhere, which doesn't seem to
> be the case.
>
> But yes, work in this space would be great. Doesn't seem to
> be happening yet though. So colour me skeptical for now at least.
>
> S.