Re: App Transport Security exceptions App Store signed app
- Subject: Re: App Transport Security exceptions App Store signed app
- From: Trygve Inda <email@hidden>
- Date: Wed, 27 Jan 2016 11:58:10 -0800
- Thread-topic: App Transport Security exceptions App Store signed app
>
>> On Jan 27, 2016, at 7:32 AM, Trygve Inda <email@hidden> wrote:
>>
>> It is basically a cost issue. It is expensive to set up SSL certificates on
>> 8 different servers... It would cost us about $700/yr
>
> Sounds like you’re being overcharged. SSL on hosted domains used to be pricey
> (partly due to the CPU overhead of the encryption) but hosts like Dreamhost
> are now offering it as a free add-on. And Let’s Encrypt makes getting and
> maintaining a cert free and fairly easy.

This is from Pair Networks for an SSL certificate with subdomains.
https://www.pair.com/services/pairssl/

> This is kind of like living in a small town that’s now grown into a big city,
> and still refusing to lock your doors at night. :)
>
> The site may have been fine so far, but the world around it is changing. Both
> attacks against and surveillance of cleartext connections are increasing, and
> there’s a growing consensus that unencrypted HTTP should be deprecated.
> Apple’s ATS is a sign of that.
> https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
> https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
>
> I think it’s pretty likely that, within a year or so, users of your website or
> app* are going to be seeing scary security warnings in their browser or mobile
> device unless you move to HTTPS.

You could be right. I fail to see why downloading a simple image needs to be
done securely. It is not transmitting anything financial or sensitive.

T.
_______________________________________________
Cocoa-dev mailing list (email@hidden)