Application Transport Security deadline for iOS apps

Richard Gaskin ambassador at fourthworld.com
Mon Jul 11 11:11:23 EDT 2016 

Peter TB Brett wrote:
> On 11/07/2016 15:43, Richard Gaskin wrote:
>> Paul Dupuis wrote:
>>
>>> On 7/11/2016 7:05 AM, Peter TB Brett wrote:
>> ...
>>>> Apple will be requiring ATS for all iOS apps submitted to the app
>>>> store from the beginning of 2017.
>> ...
>>>> The "Let's Encrypt" project may be useful. https://letsencrypt.org/
>>>
>>> I realize that LiveCode has no influence over Apple, but this is one
>>> of the most bone-headed thing Apple has ever done to it's developers.
>>> There are millions of web servers out there without any logins,
>>> serving publicly available data or information, that do not need to
>>> be encrypted...
>>
>> HTTPS serves two purposes: one is encryption of data in transport, which
>> may or may not be truly necessary.  When when a server only hosts
>> publicly-available information it may indeed seem overkill.
>>
>> But the other purpose is very useful for us all:  it helps ensure that
>> the site you think you're accessing is indeed what it claims to be.
>>
>
> As I mentioned previously, it serves a third purpose, even if the data
> is publicly available and you're communicating with the right server, by
> preventing middlemen from tampering with the data in transit.

Perhaps lazy writing on my part.  In my own mind that seems a part of 
data encryption in transport, since a middleman won't be able to decrypt 
intercepted data, no encrypt new injected data with a key the recipient 
expects.

Either way, yes, HTTPS is useful for many purposes.

In a way it's kinda like Unicode:  it's easy to think of Unicode as 
being useful only when you need to support non-English languages.  But 
the more you think about it, the more it becomes clear that even 
English-language data is increasingly shared in Unicode, so it's not a 
question of foreign language support as much as it is merely of using 
modern conventions.

With any luck, everything on the Web will be encrypted soon, and we'll 
look back on the days before universal encryption as a primitive 
learning period before we got truly serious about relying on the Internet.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com

More information about the use-livecode mailing list