On 7/28/2013 5:33 PM, Tom Metro wrote:
> Bill Horne wrote:
>> ...we're talking about putting up a "donations" page, and that means
>> using SSL.
>
> Not necessarily. You can outsource that to PayPal or Amazon, both of
> which offer a turn-key payment collection system that runs on their
> secure servers, which can be linked to from a non-secure page.

I suspect that most potential donors would /rather/ have a "neutral
third party" handle it, but I don't know for sure.

>> I want to know where I can get one for less.
>
> Dreamhost (http://www.dreamhost.com/) charges $15/year for certs, but
> that offer seems to be available only to their customers that host sites
> with them.

Since our site is /on/ Dreamhost, that's /really/ nice to know. They
might want us to buy a shopping cart, though, but it's a good place to
start.

> StartSSL (http://www.startssl.com/) starts at free, and goes up to about
> $70/year for an extended validation cert. (I've used them for email certs.)

I'll check them out.

>> I need a certificate from someone who's already in /EVERY/ browser...
>
> A forum posting from 2010 where someone attempted to catalog the
> browsers and other things that support StartSSL:
> https://forum.startcom.org/viewtopic.php?f=15&t=1802
>
> And:
> http://en.wikipedia.org/wiki/StartCom#Trustedness
>
>   In contrast to CAcert.org, which also offers free Class 1 SSL
>   certificates, the StartSSL certificate is included by default in
>   Mozilla Firefox 2.x and higher, in Apple Mac OS X since version 10.5
>   (Leopard), all Microsoft operating systems since 24 September 2009,
>   and Opera since 27 July 2010. Since Google Chrome, Apple Safari and
>   the Internet Explorer use the certificate store of the operating
>   system, all major browsers include support for StartSSL certificates.
>
> I didn't see them in Chrome's certificate list, but it might be under a
> different name.
>
>> ...I don't care if I use a company in South Africa or one in Beijing...
>
> How about the Hong Kong Post Office[2]? :-) (Not sure what they charge.)
>
> 2. http://www.hongkongpost.gov.hk/product/ecert/apply/certapply.html

As long as they're in the certificate list, I'm interested.

>> I only care if the users see a lock icon.
>
> Sadly, the whole SSL cert model is only as strong as the weakest
> certificate issuer that has widely deployed root certificates. No
> end-user is scrutinizing issuers and rejecting certs based on that. As
> long as the issuer does a good enough job to avoid the browser/OS
> vendors from kicking out their root cert, little else matters.

Bruce Schneier pointed out a while ago that what enables e-commerce
isn't SSL, but simply the $300 statutory limit on credit-card fraud
damages. PKI is, and always will be, 90 percent procedure and ten
percent technology, and even though all credit-card thefts I've read
about happened when "back office" servers were compromised, people still
want to see the lock icon.

Bill
--
Bill Horne
339-364-8487
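
The thread turns on whether a given issuer is "in the certificate list", possibly under a different name than its product brand. The following is an added example, not part of the original message: it searches the roots loaded by Python's default TLS context across every subject field and flags expired entries. `SAMPLE_STORE` is constructed sample data, and `find_roots` and `system_roots` are hypothetical helper names.

```python
import ssl
import time

# Constructed records in the shape ssl.SSLContext.get_ca_certs() returns.
SAMPLE_STORE = [
    {"subject": ((("countryName", "IL"),),
                 (("organizationName", "StartCom Ltd."),),
                 (("commonName", "StartCom Certification Authority"),)),
     "notAfter": "Sep 17 19:46:36 2036 GMT"},
    {"subject": ((("countryName", "XX"),),
                 (("organizationName", "Example Trust Services"),),
                 (("commonName", "Example Root CA 1"),)),
     "notAfter": "Jan  1 00:00:00 2010 GMT"},
]


def system_roots():
    """Roots the default TLS context loaded from the OS trust store."""
    # Note: roots that live only in a hashed capath directory are loaded
    # lazily by OpenSSL and may not be listed here.
    return ssl.create_default_context().get_ca_certs()


def find_roots(needle, store, now=None):
    """Return (display_name, expired) for roots whose subject mentions needle."""
    now = time.time() if now is None else now
    needle = needle.casefold()
    hits = []
    for cert in store:
        # The subject is a tuple of RDNs, each a tuple of (field, value) pairs.
        pairs = [pair for rdn in cert.get("subject", ()) for pair in rdn]
        # Match on any field: the brand may appear in O, OU or CN, or not at all.
        if any(needle in value.casefold() for _, value in pairs):
            fields = dict(pairs)
            name = fields.get("commonName") or fields.get("organizationName")
            expired = ssl.cert_time_to_seconds(cert["notAfter"]) < now
            hits.append((name, expired))
    return hits


if __name__ == "__main__":
    for brand in ("StartSSL", "StartCom"):
        print(brand, "->", find_roots(brand, system_roots()) or "no match")
```

A "no match" result for a brand name is a prompt to search again on the issuing company's legal name before concluding the root is absent.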