SSL-certificates in 2010

The prices of SSL-certificates are going to change. Server certificates will be cheaper, much cheaper. Currently you can spend from $10 (ten) up to $2500 for a certificate. A very interesting question: why such a big difference?

Some time ago I worked for a company which positioned itself on a paranoid academic level of security. The way we viewed certificates came straight from Bruce Schneier’s “Applied Cryptography”. If you want a secure public-key cryptographic exchange with your bank, you must have a 3rd party, the Certificate Authority, which knows both you and the bank.

This Authority must be very authoritative, obviously. It’s located somewhere above all the banks and the users and provides insurance of the security. That’s one of the reasons why websites pay so much for certificates.

Who is this authority nowadays? Actually, it’s Microsoft Internet Explorer (together with its brothers – Firefox, Chrome and others)! When you connect to a bank or to an e-shop, check your SSL-certificate and enjoy the reassuring icon of a lock, you trust the CA-certificates which are currently hard-coded in your Internet Explorer (for IE they’re actually in Windows itself, but that’s not important at the moment).

If you want your web-server to be available for secured connections to the whole world, you have to buy a certificate from one of the guys in the list. It doesn’t actually matter who. I’m not saying it’s insecure, it’s basically OK. Bruce Schneier may not like it, but the system works.

Now the funny thing. The production of an actual certificate costs nothing, it’s just generation of numbers and files. And you see how many Trusted Root Certification Authorities are in the list. Here the famous “invisible hand” must start to work. The prices should go down, dramatically.

Well, last month I received notices from two different CAs about renewal of my certificates (Thawte and GlobalSign). Both gave discounted offers for ~150 and 200 euros. Minimum. If I wanted a nice green URL for my e-shop, I’d have to pay more than 1000! However, on another website I was able to buy the same service for $10.95. Yes, they started it! One of the “Authorities” (GlobalSign in this case) has dropped the price. Dramatically.

Now we should just wait, the whole market must follow.

