The reason for separating out the certs into "high" and "low" is almost guarunteed to be marketing.
Which is not necessarily a bad thing. Just because something is done for "marketing" reasons doesn't mean that there's not actually value provided to potential buyers, at least as they perceive it (and after all, it's their money).
The marketing imperitive is to create a ramped range of products. This is a well studied phenomena in b-school and marketing school, as well as (perhaps surprisingly) economics. The key phrases here are 'consumer surplus' and also 'price discrimination' if anyone fancies researching more:
http://en.wikipedia.org/wiki/Consumer_surplus (not so good) http://en.wikipedia.org/wiki/Price_discrimination (better)
For a good discussion of price discrimination strategies as they relate to information goods, I particularly recommend Varian and Shapiro's book "Information Rules":
http://www.amazon.com/exec/obidos/ASIN/087584863X
<snip>When a market only has one product, the pressure to create two products, being an expensive one and a cheap one, is *immense*.
Once two products are established and are *successful* there arises pressure to create three, then four, then more, and in each case there is one primary objective: create a range of prices from very cheap to very expensive.
As a point of interest Varian and Shapiro believe that offering products at three price points (e.g., "silver", "gold", "platinum") is
an optimum strategy in many cases. The idea is that extremely-price-sensitive buyers would buy the lowest price offering, extremely-price-insensitive buyers would buy the high-price offering, and everyone else (the majority of buyers) would buy the middle-priced offering.
The thing to keep firmly in mind is that this is *nothing* to do with the technical issues of security or even cost. It is solely a phenomenum of marketing and economics known as price discrimination.
Yes, but... It's not necessarily "just marketing", either in general or for this specific case. In many cases -- and I would argue, in the cases in which it works best -- price discrimination is associated with real differences in value as perceived by customers, even if some would question what that value actually is. (For example, some users of open source software would question the value of paying for "certified" versions of software, but others do perceive value in this.)
How do we prove this? Easy: the existence of different certs for different prices has to be primarily to create a ramped price structure for the perception of the buyer of the cert because the end-users - the browsing user and the site operator - can't see the difference anyway.
Well, we're talking about introducing a difference (e.g., as in my strawman SSL UI proposal), and that might in turn make a difference in perceived values of the different offerings.
Frank
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
