[AUUG-Talk]: What's a padlock worth?

David Bullock db at dawnbreaks.net
Fri Jan 7 02:44:47 EST 2005


Hi folks,

A certain SSL certificate provider's less high-market brand
has 3 products:

    Option A: ~US$850/2yrs
    Option B: ~US$350/2yrs
    Option C: ~US$250/2yrs

The products are differentiated as follows (all support up
to 128-bit encryption):

    Option A can apparently confer 128-bit capabilities
    on non-128-bit capable browsers, if those browsers
    are sufficiently modern [modern enough to support 128
    bits, by my reading].

    Option B is apparently the undifferentiated product.

    Option C proves not that your business is a legally
    recognised entity [the usual semantic implied by an
    SSL certificate], but that your domain admin contact
    is contactable via email.

The question is - leaving aside the claim made by option A
- does option A or B provide any more actual protection
against the consumer trusting a fraudulent site than option
C?  Given that users don't generally look at their certificates
(other than to notice the state of the 'golden padlock'), can
we safely say that the value of the golden padlock is *only*
in respect of security of data-transmission?

And if we can say that, who is the cheapest .au-friendly
certificate provider which has a good presence on the default
certificate-provider lists shipped with most browsers?

thanks, David


--
"Too much money, moreover, attracts administrators and experts
as sugar attracts ants"              -- Wendell Berry


