Kumar McMillan wrote: > - SSL certs can be bought cheaply in the US/Europe > - However, certs might be prohibitively expensive in some economies > (like emerging markets)
Doesn't StartSSL not provide free certificates in all markets? Are there any of the initial target markets for which StartSSL does not provide free certificates? > This will include documentation: a big red warning urging developers > to use HTTPS if possible. Also, we can document replay attacks and > how app developers can protect against them. They should be > protecting against replays regardless of using HTTPS or not. Are payments available for hosted apps, or just privileged/certified apps? If payments are available for hosted apps, then that means that the prevention of replays would have to take place on the server, not in the app itself. Otherwise, the MitM that is forcing the replay would just remove the code that prevents the replays. Cheers, Brian _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
