httpd-users mailing list archives

From Joseph Morgan <josephmmor...@hotmail.com>
Subject Re: [users@httpd] Re: Low priced certificate?
Date Wed, 22 Jul 2009 15:46:50 GMT

>>That said, the most expensive gold-plated cert. you can buy may not be
>>worth much more, in your application, than one you could get for half
>>as much.

This is absolutely correct...except that some may appreciate the fact 
that you're using the gold-plated cert.
That is, it sounds much better to say someone is protected by the Secret 
Service than "Jim's Armed Guards",
even though all of Jim's employees may indeed be ex-Secret Service. 

In the cert world, your customers would likely rather see that your 
certs are signed by Verisign than by
"pimpmycert.com".

Mark H. Wood wrote:
> On Wed, Jul 22, 2009 at 02:43:10PM +0200, Boyle Owen wrote:
>   
>> It's worth remembering what a certificate is for; it is a document,
>> undersigned by a third-party, that confirms that you are who you say you
>> are. The third-party certificate signing authority is putting their
>> reputation on the line and has a moral (even a legal) obligation to be
>> certain you are bona fide.
>>     
>
> Hear, hear.  It's about time there was some general awareness of what a
> certificate *means*.
>  
>   
>> A certificate is not some random obstacle that makes SSL websites pesky
>> to set up - it is an essential security feature that protects web-users
>> from fraud. So, of course it should cost you (as e-commerce operator)
>> money and effort.
>>     
>
> I want to second this, with a caveat.  I don't see that a certificate
> "should" cost any particular sum.  I do see that one reason for a
> good-quality certificate to cost so much is that it costs the issuer
> nearly that much to investigate your claim of identity.
>
> Some certificates don't cost very much because the assurance they
> actually represent is not worth very much.  And a few of your
> customers *do* read cert. issuers' Certification Practice Statements.
>
> That said, the most expensive gold-plated cert. you can buy may not be
> worth much more, in your application, than one you could get for half
> as much.  If it were my business I'd go for the midrange with a
> company I already know something about.
>
> You might want to talk to your lawyer about your duty of care in
> protecting your customers' transactions, too.  He may have specific
> advice on what you need to look for to get a reasonable balance
> between cost and protection.
>
>   

