Anne
Wed Feb 21 11:43:24 CST 2007
Patrick D. <PatrickD@discussions.microsoft.com> writes:
> Hi,
>
> Thanks for your answers.
> I know, that there are a lot of possibilities, but I asked for an URL, where
> I can buy a secure certificate for a LOW PRICE. There are quite a few ones,
> where I need to pay a lot.
> Are there "cheap" certificates, which won't make browsers to warn us anymore?
secure & cheap? is this an oxymoron?
reason for ssl cryptography is to hide information during transmission
reason for ssl certificates is to proove that you are really who you
claim to be. "security" in terms of ssl certificates is primarily an
"authentication" issue (in contrast to encryption being
privacy/condidentiality issue).
for an ssl certificate to be "secure" ... means that it correctly
authenticates you (or at least something) ... i.e. are you really who
you claim to be. in order to establish authentication security, the
certification authority issuing such a certificate has to do some
amount of due diligence ... in order to establish that you are who you
claim to be ... before they certify it as part of issuing a digital
certificate asserting to that fact (aka a digital certificate is
nominally a representation that the certificying authority has
certified some piece of information).
there have been some suggested changes that would improve the
integrity/security of the certification process ... which at the same
time significantly reduces the certification complexity and costs
... potentially leading into reduced digital certificate prices.
the "catch-22" for the industry is that the general public might start
using the same processes ... eliminating the need for 3rd party
certification authorities ... and their digital
certificates. collected past posts mentioning the catch-22 for the ssl
certification industry
http://www.garlic.com/~lynn/subpubkey.html#catch