[GitHub] [cordova-docs] breautek commented on a change in pull request #1109: docs: Security revisements

[GitBox <gi...@apache.org>]

breautek commented on a change in pull request #1109:
URL: https://github.com/apache/cordova-docs/pull/1109#discussion_r466177449



##########
File path: www/docs/en/dev/guide/appdev/security/index.md
##########
@@ -53,11 +53,21 @@ There are ways to approximate certificate pinning, such as checking the server's
 
 There are also plugins that can do true certificate pinning for some platforms, assuming your app is able to do all of its network requests using the plugin (i.e.: no traditional XHR/AJAX requests, etc).
 
+## Using TLS/SSL
+
+If your app communicates to an external server, it should be communicating using modern encryption standards. Use `https` protocol whenever is possible.
+
+[Let's Encrypt](https://letsencrypt.org/) is a free, automated, and open certificate authority provided by the nonprofit [Internet Security Research Group](https://www.abetterinternet.org/). Let's Encrypt will offer free standard certificates, which will be sufficient for most developers. Enterprise organizations may still want to use a traditional certificate authority that offers more advanced features such as [Extended Validation](https://en.wikipedia.org/wiki/Extended_Validation_Certificate) or [Organization Validation](https://en.wikipedia.org/wiki/Public_key_certificate#Organization_validation) certificates.

Review comment:
       Is organization validation is still relevant?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org