|
|
|
|
|
|
| ISP Resources |
| ISP-Lists ISP Glossary ISP News The List ISPCON Events Free Newsletters |
|
|
|
||
| internet.commerce | ||
|
Partner With Us |
VeriSign's Own Certificates
Members of the ISP-Webhosting list discuss your options when buying a certificate. Find out why people continue to pay for VeriSign certificates even though they're not happy about doing so.
| [April 20, 2001] |
 |
On the ISP-Webhosting list in April, GM complained,
"Is anyone aware of vendors of certificates other than VeriSign, Thawte and Entrust? VeriSign's pricing is just too high."
CB offered an alternate option:
"Try Equifax: they're $79."
But a few respondents had a problem with CB's suggestion:
[MS warned] "Be careful: Equifax's certs seem good, but they do not work with some versions of Internet Explorer on Win2K."
[AM explained] "Equifax uses a 'chained cert'. There is a bug (no fault of Equifax, but tough luck) in Internet Explorer such that Win2K Internet Explorer does not like some of these chained certs. There's no indication from Microsoft that this will ever be fixed, and no effort from Equifax to even accept that this is a problem. So you can save a few bucks by going with Equifax, but bear this in mind."
JO suggested another:
"Tucows is starting a new service that provides SSL certs here. They're $99, though they're actually free for a limited time."
But WW noted a problem with that one, too:
"I'd avoid this offering for right now. This is essentially a resold Entrust certificate. The problem is not that it is being resold in this way, but with some of the policies. Their verification process for cert requests significantly exceeds the process other Certificate Authorities such as Thawte and Equifax use, thus causing delays in the cert issuance process. Also, unlike any other CA, they have clauses that let them revoke the certificate of any customer based on a complaint from a trademark holder, and the rules are prejudiced against the domain holder/cert customer, recognizing a right to trademarks that is beyond what even the law gives them."
NA complained that it all looks just a little bit like a monopoly:
"If it is true that Tucows is really just reselling an Entrust certificate, then it seems to me that there are really only two places to get certs: VeriSign and Equifax, and since Equifax doesn't work on some browsers, there's no choice. What is so difficult about establishing a CA that no one else has done it?"
WW explained that it all comes down to the browsers:
"Any CA has to convince browser makers to ship their root CA with the browsers. But since you can't do that retroactively, the only way to get your cert not to create an 'untrusted signer' error in the older browsers is to have another recognized CA sign your CA cert. In my opinion, both Netscape and Microsoft set excessively high standards for new CAs to be included in their browser shipments."
—End
| Related articles: | |||
| [Apr. 2, 2001] | VeriSign Gets ICANN Extension | ||
| [May 2, 2000] | We Need a Public Key Infrastructure | ||
|
|
| Best of ISP-Planet | ||
|---|---|---|
|
ISP-Planet
Guide
ISP-Planet's Principal Studies Directories:
Q3 2008 Top U.S. ISPs by Subscriber (Updated 12/02/2008)
ISP-Planet's Blogroll | ||
ISP-Planet's
RSS feed
Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia
Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers