Author |
Message |
rrinc -
Joined: 24 Feb 2006 Posts: 725 Location: Arkansas, USA
|
Posted: Fri Jul 20, 2007 8:32 pm Post subject: Why SSL Authorities? |
|
|
I doubt I'm alone in being annoyed that there are expensive SSL authorities, what do you get by paying hundreds of dollars for something you could have made yourself?...a name. Why? Are the known/authorized authorities just stored in web browsers? _________________ -Blake | New Server :D
SaveTheInternet
I am a Spanish speaker. You can contact me via private messages. |
|
|
|
olly86 -
Joined: 25 Apr 2003 Posts: 993 Location: Wiltshire, UK
|
Posted: Fri Jul 20, 2007 9:28 pm Post subject: |
|
|
The list of trusted certificate authorities is programmed into the browser. It is up to the browser's developers to maintain the default list. However, the end user can add additional authorities if they wish.
The argument I've heard is that scammers who set up phishing websites may want to provide their victims a secure connection to appear legitimate, and the price will discourage them from doing so. _________________ Olly |
|
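An added example (not part of the original thread) showing the trust-list behaviour discussed above with the `openssl` command line: a certificate is accepted only when it chains to an authority in the verifier's list, so a self-made certificate is rejected until the user adds it to that list. The names `Demo Private CA` and `shop.example` and the helper functions `make_certs` and `trusted` are constructed for this example.

```sh
#!/bin/sh
# Constructed demo: every name and file here is made up for illustration.

# make_certs DIR: create a private CA, a site certificate signed by that CA,
# and a self-signed certificate for the same site name.
make_certs() {
  # Private CA: key plus self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Private CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  # Site key and signing request, then the CA signs the request
  openssl req -newkey rsa:2048 -nodes -subj "/CN=shop.example" \
    -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/site.crt" 2>/dev/null
  # Self-signed certificate: the site vouches for itself
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=shop.example" \
    -keyout "$1/self.key" -out "$1/self.crt" 2>/dev/null
}

# trusted STORE CERT: succeeds only if CERT chains to an authority in STORE
# (STORE plays the role of the browser's built-in list).
trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_certs "$demo_dir"
for pair in "ca.crt site.crt" "ca.crt self.crt" "self.crt self.crt"; do
  set -- $pair
  if trusted "$demo_dir/$1" "$demo_dir/$2"; then
    result="trusted"
  else
    result="REJECTED"
  fi
  echo "trust list: $1   certificate: $2   -> $result"
done
rm -rf "$demo_dir"
```

The last case corresponds to the end user adding an authority by hand: the self-signed certificate is accepted only by a verifier whose list already contains it.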
|
|
aprelium -
Joined: 22 Mar 2002 Posts: 6800
|
Posted: Sun Jul 22, 2007 1:45 am Post subject: Re: Why SSL Authorities? |
|
|
rrinc wrote: | I doubt I'm alone in being annoyed that there are expensive SSL authorities, what do you get by paying hundreds of dollars for something you could have made yourself?...a name. Why? Are the known/authorized authorities just stored in web browsers? |
There are many price levels among certification authorities. But here is why they ask for money to give you a certificate:
* They offer insurance in case someone hacks a site encrypted by their certificate. It is not clear how this works, but the fact is that some of them offer a few thousand dollars if there is a problem, while others offer hundreds of thousands (for the most expensive certificates).
* They have to do some work to verify your identity. So part of your certificate price is spent paying their clerks to check your legal papers and state/regional business directories to ensure your company exists and is doing business legally.
* They have to maintain their certificate generation servers and their CRL (Certification revocation lists). This also costs money.
* Authorities must usually build brand awareness through ads and marketing campaigns so that average user X trusts the certificates they issue and doesn't fear entering his credit card number on a web site protected by their certificate.
By the way, not all certificates are equal. A $20 certificate would be fine for a simple community site (or a site where users are asked to enter some personal information). But if you are going to accept CC payments on your site, your bank will require that you have an expensive SSL certificate. An expensive SSL certificate ensures that the authority has verified that you really do exist using several methods (some would even send someone to your office to check that you're doing business there). It also comes with insurance of at least 6 figures. _________________ Support Team
Aprelium - http://www.aprelium.com |
|
|
|
|