@anonymous, who said: Certificates by the leading cert authorites (Verisign, etc) are already WAY overpriced for what it takes to issue them.
If you're looking at the price to issue, that's one thing, but they're not just issuing. They're managing an entire certificate life-cycle and revocation lists. If I'm not mistaken, they probably keep old certs around for quite some time. Also, given their status/position, their root CA is probably very well guarded and complete with dual (if not triple) layer administrative controls in place.
In other words, a good CA has a lot of responsibility and a lot of overhead to deal with year in and year out. Are certs expensive? Yes. Are they over-priced, I wouldn't be so quick to say, "yes."
If you're looking at the price to issue, that's one thing, but they're not just issuing. They're managing an entire certificate life-cycle and revocation lists. If I'm not mistaken, they probably keep old certs around for quite some time. Also, given their status/position, their root CA is probably very well guarded and complete with dual (if not triple) layer administrative controls in place.
In other words, a good CA has a lot of responsibility and a lot of overhead to deal with year in and year out. Are certs expensive? Yes. Are they over-priced, I wouldn't be so quick to say, "yes."
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/77/289#289