Re: [SAGE] Are cheap SSL certificates legitimate?

[Matthew Barr <mbarr@mbarr.net>]

The major problem with these types of certs are that they are the  
exact same thing that's being done by CAcert.  I like CAcert.  I just  
wish it would be added into the browsers.  If the same verification  
method is happening, free is better than $20!

Matthew

Matthew Barr
Managing Partner
Datalyte Consulting, LLC
Apple Authorized Reseller
mailto:mbarr@datalyte.com
cell: (646) 765-6878



On Jan 20, 2007, at 2:28 PM, Sam Johnston wrote:

> Philip,
>
> These providers can afford to issue the certificates at these  
> prices because the process is 100% automated by way of eg email  
> verification. So long as users don't check that they trust the  
> issuer (at least not directly; the trust they place in the software  
> vendor is transitive) they are technically exactly the same as more  
> expensive and harder to obtain certificates that have 3 figure  
> price tags (though you typically don't get other bells and whistles  
> like insurance). Regardless of whether intermediate certificate(s)  
> are involved, all you really care about is what percentage of your  
> client population will be satisfied (the extra effort in installing  
> a certificate vs a chain of certificates is typically negligible).