SSL Cert Prices & Notes
John Gilmore
gnu at toad.com
Mon Aug 7 20:12:45 EDT 2006
Date: Sun, 6 Aug 2006 23:37:30 -0700 (PDT)
From: clif at eugeneweb.com
Subject: SSL Cert Notes
Howdy Hackers,
Here is the latest quick update on SSL Certs. It's interesting that
generally prices have risen. Though ev1servers are still the best commercial
deal out there.
The good news is that CAcert seems to be posistioned for prime time debut,
and you can't beat *Free*. :-)
SSL Certificate Authorities Verification Subdomains Too
Low High Low High
Verisign $399 $995
Geotrust $189 $349 $599 $1499
Thawte $149 $199 $799 $1349
Comodo / instantssl $49 $62.50 $449.95
godaddy.com $17.99 $74.95 $179.99 $269.99
freessl.com $69 $99 $199 $349
ev1servers $14.95 $49
CAcert Free Free Free Free
Articles:
http://isp-planet.com/hosting/2004/geotrust.html
CAcert:
http://www.cacert.org/
Inclusion Status: http://wiki.cacert.org/wiki/InclusionStatus
-------------------------------------------------------------
Latest news
-------------------------------------------------------------
Thanks for your concerns - getting the CAcert root cert included into
Mozilla is indeed probably our largest challenge right now, but one we are
actively engaged in.
Philipp is working on a CPS see PolicyDrafts
To see where we are with Mozilla, see:
https://bugzilla.mozilla.org/show_bug.cgi?id=215243 [Summary: Mozilla has
established a fair and firm policy which CAcert should be able to meet.
Then they threw the ball back to CAcert.]
Background of the story
We found when we first started down this road that the typical way a
vendor got included into a major browser's root store was simply by paying
whatever fees were demanded. In Microsoft's case with Internet Explorer,
they don't care really who's included or who is not, but insist only that
you pass a Webtrust audit and if so, you're eligible for inclusion. Our
problem is that the audit costs in the neighborhood of $75,000 with a
yearly +$10,000 fee. For CAcert, as a non-profit organisation that is
simply out of the question (at least in the forseeable future).
The folks at Mozilla have a rather different strategy currently. They are
willing to include our cert providing we conform to reasonable guidelines
that everyone agrees to. And there's the rub - getting all involved to
decide which guidelines are and are not necessary and how best to conform
to them.
This is an ongoing process and we are documenting our Certificate Policy
Statement (CPS) at: http://www.cacert.org/cps.php (not always up-to-date)
see CPS
(Many thanks to Christian Barmala's (http://ca.barmala.com) work on this
and for everyone who has helped us with shaping these policies!)
-------------------------------------------------------------
Clif
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list