Date: Mon, 10 Feb 2003 20:43:01 -0500
From: "Michael H. Semcheski" <mhs-list@aylix.com>
To: <freebsd-hackers@FreeBSD.ORG>
Subject: Re: Anyone where to get a signed SSL certificate cheap?
Message-ID: <00a301c2d16e$f6c10d90$9602a8c0@foursix>
References: <20030205181724.GB87471@genius.tao.org.uk> <3E416AFA.85AF4F28@mindspring.com> <4r7cw75q.fsf@ID-23066.news.dfncis.de> <3E4851FD.9B5F2943@mindspring.com>

> "The ability to sell certificates which are recognized by the
> browser, without it telling them ``This merchant is trying to
> hack you''"?
>
> > the only true reason to buy a certificate might be the $$ needed to
> > insure or guarantee them before a court of law in case of liability.
>
> No, the reason to buy a cert is to avoid a scary popup message or
> series of popup messages, which negatively influence a user's
> buy decision.

One thing that Verisign and presumably the other signing authorities do before issuing an SSL cert is verify the issuee's identity. That is, I don't think you can just give them a CC number and a name and get a cert. If I recall correctly, one thing they asked for was a Dun and Bradstreet number.

That sort of thing means that you have one more channel for recourse if something unexpected happens. If your card never gets charged for what you bought, and the item never gets to you, you can't really take it up with the credit card company, other than to cancel your card.

> For the most part, that's the reason for using SSL at all, since
> it is statistically very unlikely that a "bad guy" is listening
> to your transaction at the exact time you submit a request. In
> fact, it's *so* unlikely, that you are more likely to have your
> credit card number stolen and used by a service person at your
> local restaurant... but they don't have big, scary popups that
> happen as you are entering the restaurant.

If there was no SSL and all web purchases went in the clear over the wire, there would be more people listening on the web, more phoney web sites designed to grab CC numbers, etc. Encryption is a big bonus of SSL, but the key is authentication.

So, that's pretty off topic, I suppose.

Mike