On Wed, 24 Sep 2003 15:33:56 -0700, thus spake Adam Back
: You'd have thought there would be plenty of scope for certs to be sold
: for a couple of $ / year. Eg. by one of the registrars bundling a
: cert with your domain registration. I mean if someone can provide DNS
: service for $10 or less / year (and lower for some tlds) which
: requires servers to answer queries etc., surely they can send a you a
: few more bits (all they have to do is make sure they send the cert to
: the person who they register the domain for).
Perceived worth. CD's are cheaper to manufacture than cassette tapes,
but you'll pay more, because 'the audio quality is better'. Welcome to
: From what I heard Mark Shuttleworth (of Thawte) got his cert in the
: browser DBs for free just for the asking by being in the right place
: at the right time. So once you have that charging $100 for a few
: seconds of CPU time to sign a cert is a license to print money.
: With all the .com crashes you'd think the price of a root cert ought
: to be pretty low by now.
Adding on to the lists below...
There's a fair bit more work than just randomly signing a certificate.
At the very least, the issuing CA has to (/should) verify that the
contact requesting the certificate is a valid contact for the hostname
being requested, and that the domain is even /allowed/ to have
certificates (I'm thinking cryptography export laws, but I may be
That being said, http://www.openca.org/ gives them away for free.
They're currently pushing to have their root certificate included within
Mozilla; I'm not sure if it will ever happen within IE (but they provide
it for the end user to download).
I have heard good things about their service, and I personally use them
to generate my certificates (the price is right). Dunno about the
supposed security of their signed certificates vs. those signed by
Description: PGP signature