On Tuesday 01 March 2011, Gordon Heydon wrote: > Hi, > > I have a new client and they require me to get an SSL certificate. Ideally > an EV certificate because they detail with financial information (not > credit cards) and would ideally require a higher level of identifiable > security that what a standard certificate provides. > > Usually for clients that do not really require any real security for there > website and when a self signed certificate will do, I will use a free > certificate from startssl.com, not only does it give the full security > their certificate authority is recognised by all browsers. > > While grabbing a certificate for another client I noticed that they offer > an EV certificate for US199 for 2 years, where as thawte.com (who I > usually use when I need a proper certificate) for the same certificate si > $US995 for 2 years. and verisign is 1730 for the same. > > I know that technically there is zero difference in security between the 2 > providers and they will both provide the exact some levels of encryption. > > The EV certificate from startssl.com is 1/5 of the price of one from > thawte.com so looking that it is a much better financially. but the issue > is really "trust". Thawte.com or even Verisign have a much higher level of > trust and what startssl.com has. Would a normal person (not like us) > really care about this. > > Remember also to provide an EV certificate you still need to meet some > strict guidelines. > > I am conflicted with this, on the one hand I can provide my client with a > financially acceptable option that will give their clients a much higher > level of identity, and make sure they are dealing with my client, but on > the other hand it is not a thawte/verisign. > > Comments please.
What they would be paying for is the right to use the Thawte/ Verisign Logo on their site. If your client thinks this is important then so be it, they will have to pay. > > Thanks in advance. > Gordon. -- ----------------- Bob Hutchinson Midwales dot com -----------------
