> I'm not sure how you come to that conclusion. Simply > use TLS with self-signed certs. Save the cost of the > cert, and save the cost of the re-evaluation. > > If we could do that on a widespread basis, then it > would be worth going to the next step, which is caching > the self-signed certs, and we'd get our MITM protection > back! Albeit with a bootstrap weakness, but at real > zero cost.
I know of some environments where this is done. For example to protect the connection to a corporate mail server, so that employees can read their mail from outside of work. The caching problem is easily solved in this case by having the administrator distribute the self-signed cert to all employees and having them import it and trust it. This costs no more than 1 man day per year. This is near 0 cost however, and gives some weight to Perry's argument. > Any merchant who wants more, well, there *will* be > ten offers in his mailbox to upgrade the self-signed > cert to a better one. Vendors of certs may not be > the smartest cookies in the jar, but they aren't so > dumb that they'll miss the financial benefit of self- > signed certs once it's been explained to them. I have a hard time believing that a merchant (who plans to make $ by providing the possibility to purchase on-line) cannot spend something like 1000$ [1] a year for an SSL certificate, and that the administrator is not capable of properly installing it within 1-2 man days. If he can't install it, just get a consultant to do it, you can probably get one that does it within a day and charges no more than 1000$. So that would make the total around 2000$ a year, let's generously round it up to 10K$ annum. I think your 10-100 million $ annum estimate is a bit exaggerated... [1] this is the price I saw at Verisign http://www.verisign.com/products/site/commerce/index.html I'm sure you can get it for cheaper. This was already discussed on this list I think... --Anton --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]