full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] FD / lists.grok.org -

Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert

From: chort <chort0_at_nospam>
Date: Tue Jan 06 2009 - 01:03:50 GMT
To: Adrenalin <adrenalinup@gmail.com>


On Mon, Jan 5, 2009 at 2:53 PM, Adrenalin <adrenalinup@gmail.com> wrote:
> Hello everyone,
> A bit off topic..
>
> Can somebody explain why signing a cert for a domain is still so expensive ?
> Or do CA pays a lot of money to browsers so they do not a allow CA with a
> better price.. ? Why can't a CA sign a certificate free of charge so
> everyone who own a domain can have a https for it's site ?

Because the effort, even a small amount, to do any verification that the requester is who they say the are is non-trivial. It takes actual humans to do this, which means you have to pay salaries. It also costs money to handle the keys for the CA securely, hardware signing modules, etc.

There are some CAs that charge a lot less than others, and there are also resellers who often sell certificates to their customers at less than what someone could buy the cert from the actual CA itself.

Is paying 2 months worth of residential DSL for a certificate that can be used to secure an e-commerce storefront really that outrageous? -- chort _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/