Application Transport Security deadline for iOS apps

Richard Gaskin ambassador at fourthworld.com
Mon Jul 11 10:43:19 EDT 2016 

Paul Dupuis wrote:

 > On 7/11/2016 7:05 AM, Peter TB Brett wrote:
...
 >> Apple will be requiring ATS for all iOS apps submitted to the app
 >> store from the beginning of 2017.
...
 >> The "Let's Encrypt" project may be useful. https://letsencrypt.org/
 >
 > I realize that LiveCode has no influence over Apple, but this is one
 > of the most bone-headed thing Apple has ever done to it's developers.
 > There are millions of web servers out there without any logins,
 > serving publicly available data or information, that do not need to
 > be encrypted...

HTTPS serves two purposes: one is encryption of data in transport, which 
may or may not be truly necessary.  When when a server only hosts 
publicly-available information it may indeed seem overkill.

But the other purpose is very useful for us all:  it helps ensure that 
the site you think you're accessing is indeed what it claims to be.

A self-signed certificate can provide encryption, but only a cert 
authenticated by a respected third party can verify the site's identity.

Until recently Apple's requirement may have been seen as onerous, since 
the cost of deploying to the app store would effectively more than 
double, given that the cost of some good authenticated certs can be 
greater than the cost of Apple's dev program.

Thankfully the Let's Encrypt project is now here to save the day, making 
our lives as site managers easier while protecting our site's visitors.

Let's Encrypt is a consortium sponsored by Mozilla, Akamai, Cisco, the 
EFF, and many others, to provide an automated system with reliable, 
efficient certificate deployment, updates, and authentication servers, 
all at no cost.

Those using shared hosting at Dreamhost will find Let's Encrypt 
available now right in their control panel, easily set up with just a 
couple clicks.

Those using shared hosts running CPanel will have to wait just a few 
more weeks while that team's control panel support completes its beta 
testing.

If you're using a VPS or dedicated server with Ubuntu 16.04, you'll find 
letsencrypt in the standard apt-get package repositories so it can be 
installed and updated as conveniently as anything else in the system.

For other VPS or dedicated hosts you can also install and maintain Let's 
Encrypt through git; instructions for that are provided at the Let's 
Encrypt URL Peter shared above.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com

More information about the use-livecode mailing list