| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2a66a350901051703g1207b56dy3e42786ac3a5939c@mail.gmail.com> Date: Mon, 5 Jan 2009 17:03:50 -0800 From: chort <chort0@...il.com> To: Adrenalin <adrenalinup@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: FD / lists.grok.org - bad SSL cert On Mon, Jan 5, 2009 at 2:53 PM, Adrenalin <adrenalinup@...il.com> wrote: > Hello everyone, > A bit off topic.. > > Can somebody explain why signing a cert for a domain is still so expensive ? > Or do CA pays a lot of money to browsers so they do not a allow CA with a > better price.. ? Why can't a CA sign a certificate free of charge so > everyone who own a domain can have a https for it's site ? Because the effort, even a small amount, to do any verification that the requester is who they say the are is non-trivial. It takes actual humans to do this, which means you have to pay salaries. It also costs money to handle the keys for the CA securely, hardware signing modules, etc. There are some CAs that charge a lot less than others, and there are also resellers who often sell certificates to their customers at less than what someone could buy the cert from the actual CA itself. Is paying 2 months worth of residential DSL for a certificate that can be used to secure an e-commerce storefront really that outrageous? -- chort _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists