'Twas brillig, and German Geek at 15/02/09 22:32 did gyre and gimble:
Please enlighten me why it is so expensive? Is it maybe just the hassle of
setting it up?
The whole thing is about trust. Getting a certificate is nothing if the
system is not backed up by a trust system. If a CA was setup that gave
out certificates willy nilly to all and sundry, then this element of
trust is lost. For $1 you're not likely to be able to afford to do much
in the way of vetting or confirmation that said person is who they say
they are. If browsers trusted that CA and an unscrupulous individual
manages to get a secure certificate for a domain they do not own they
could then use some form of DNS hijacking (e.g. via an open wireless
network or similar) to perform some pretty convincing phishing scams.
So it's not just about the cert. It's the trust that goes with it.
Tribalogic Limited [http://www.tribalogic.net/]
Mandriva Linux Contributor [http://www.mandriva.com/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php