[AUUG-Talk]: What's a padlock worth?
db at dawnbreaks.net
Fri Jan 7 02:44:47 EST 2005
A certain SSL certificate provider's less high-market brand
has 3 products:
Option A: ~US$850/2yrs
Option B: ~US$350/2yrs
Option C: ~US$250/2yrs
The products are differentiated as follows (all support up
to 128-bit encryption):
Option A can apparently confer 128-bit capabilities
on non-128-bit capable browsers, if those browsers
are sufficiently modern [modern enough to support 128
bits, by my reading].
Option B is apparently the undifferentiated product.
Option C proves not that your business is a legally
recognised entity [the usual semantic implied by an
SSL certificate], but that your domain admin contact
is contactable via email.
The questions is - leaving aside the claim made by option A
- does option A or B provide any more actual protection
against the consumer trusting a fraudulent site than option
C? Given that users don't generally look at their certificates
(other than to notice the state of the 'golden padlock'), can
we safely say that the value of the golden padlock is *only*
in respect of security of data-transmission?
And if we can say that, whom is the cheapest .au-friendly
certificate provider which has a good presence on the default
certificate-provider lists shipped with most browsers?
"Too much money, moreover, attracts administrators and experts
as sugar attracts ants" -- Wendell Berry
More information about the Talk