In article <BB9F141F.4C140%thierry@NOSPAM8p-design.com>, thierry <thierry.RemoveThis@NOSPAM8p-design.com> wrote:
>Which SSL certificate provider do you suggest as being the best quality
>price ratio... I find Verisign and Thawte to be outrageously expensive.
Quality from whose perspective?
Obviously, if you're applying for a certificate, you want to look for two
things:
1. Do the people I'm going to identify myself to trust this certificate
authority implicitly, or are they going to have to manually approve my
certificate?
2. Is the certificate I get back going to have all the features I need, and
not be buggy?
If you're looking whether to trust a certificate authority, you're going to
look for these things:
1. Do they check the applicant's identity as stringently as I want them to?
2. Do they issue revocations in a timely fashion when a certificate is
found to be false?
3. How often have they screwed up?
The alternative is to not use a certificate authority, or to create and use
your own CA. The person who accepts your certificate needs to trust that it
came from you, and they can either do that by trusting your CA, or they can
do it by trusting _you_. Let's say, for instance, that you run a web site
devoted to support for a particular program, and you want people to know for
certain that the updates they are getting came from the same source as the
program they originally installed. In that case, you could send your
certificate, or your CA certificate, out with the original software, along
with instructions on installing the certificate as a trusted one.
If people understood what certificates were about, they'd be aware that the
big certificate authorities are actually likely to be the least trustworthy
of any source of certificate information. It's postulated that many of them
only use "did the cheque bounce?" as an identifying criteria. Some of them
have as much as said that what they're looking at is whether the company is
big enough not to blink at the price of the certificate.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at <a style='text-decoration: underline;' href="http://www.wftpd.com" target="_blank">http://www.wftpd.com</a> or email
1602 Harvest Moon Place | alun.RemoveThis@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.<!-- ~MESSAGE_AFTER~ -->
FAQ
Profile
Private Messages
Log in
