Re: EV guidelines

Tue, 13 Feb 2007 15:49:38 -0800 

Duane wrote:

I don't know what the liability should be, but a flat rate fee isn't the
answer either, some kind of liability based on income would be the best
way to handle things since a rich company won't be "hurt" as much as a
small company kind of thing.

Good thought :-D

Sure. Which is why we're at $10 certs. The market decided that the CAs
weren't offering a service, and so they devalued the cost of that
service. I don't think such devaluation was a CA-inspired conspiracy!
:)


I didn't mean it was any kind of conspiracy, just the market self
balancing to an extent.

  

For the record: Two years ago domain validated certificates were still 
worth about  ~ 60 - 90 US$. During the last two years of our operation 
the "market" came down to ~ 15 US$ for the same, which just shows, that 
in can be done for less...much less! (Disclaimer: StartCom is *not* the 
inventor of domain validated certificates, we just happen to charge the 
right price for it - free ;-) )



The conspiracy is a different one...Now that prices are down to the 
bottom, the "commercial" CAs had to reinvent themselves in order to 
revive the once lucrative business. But how to do that? Define a new 
standard and get the browsers to do some extra work...True, there is 
some marketing effort to do...but now there is a good reason to charge 
again 1,000 US$ for it...Excellent!



One problem...when this fantastic idea came up first, the "market share" 
of the new Mozilla browser was barely a few percents anywhere and would 
it have stayed like that, EV would be a fact today...but 
ooopps...something changed....Firefox has taken the lead at some places 
already (Notably in Germany, but also here 
http://www.boingboing.net/stats/#browsers ). Now they are obviously 
counting on it, that Mozilla plays nicely and is not going to upset the 
party...Well, some FUD about Firefox not being secure and loosing the 
"browser market" might help... ( 
http://www.theregister.co.uk/2006/10/25/verisign_extended_validation/ )...


:-)

--
Regards

Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390



Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security





























					Reply via email to