back to article GeoTrust founders offer free SSL

Four former GeoTrust executives have returned to the SSL market after a five-year absence with the formation of a new company, AffirmTrust, which will compete with their alma mater. Expected to launch in July, AffirmTrust plans to kick off its marketing by giving away three-year basic validation certificates for free. Extended …

COMMENTS

This topic is closed for new posts.

Market $450 against $50?

After being voluntarily eaten by the borg these guys are back to do it again? What a come back plan - market a $450 cert against a $50 cert! How intelligent of them! Maybe they will sell 10 of them and then be aquired by Sony.

0
1

Not to mention

that even a free basic validation cert doesn't do you a hell of a lot of good until the common browsers know about the issuing CA -- until that happens, people will be getting certificate-validation warnings whenever they go to your site, which has pretty much the opposite of the confidence-building effect provided by a proper cert from a CA anyone knows or cares about.

Also GoDaddy EV certs are currently $37.50 a year, which, if my figures are right, works out by comparison to roughly "you'd have to be stupid to buy an EV cert from these GeoTrust morons".

0
0

Need to read more carefully ...

OK, it's easy to get mixed up as the article isn't all that clear without careful reading, but this outfit is pitching "free" against $50 from Go Daddy. $450 is for their enhanced certificates, which the article doesn't give a comparable price for from Go Daddy.

1
0
Anonymous Coward

Try reading the article

They are marketing a $0 cert against a $50 cert. Although they are marketing the $450 against a $100 cert so that is not going to do so well.

3
0
Silver badge

$50?

$8.95/year at namecheap for a Comodo PositiveSSL certificate and they work fine. $139 for a green bar.

0
0
Silver badge

Bought a GoDaddy cert recently

Cost me £50 for 5 years - only basic validation obviously, but it's hardly bank-breaking stuff nowadays. Hell, I pay more than that to the company hosting my domain name, and my hosting is another bill of a lot more still.

If you have a need for SSL for securing transactions, the prices for basic certs are a drop in the ocean compared to everything else (e.g. PCIDSS standards, hosting, commission, etc.). If you have a need for SSL just for the encryption, then you can get stupidly cheap certs that fit the bill.

And when it comes to security, I'm not sure "Our website uses a free SSL certificate!" is particularly confidence-inspiring in either the website or the certificate issuer.

2
0
Silver badge

Does anyone care

Provided they have the padlock on the screen and no error messages, does anyone actually look at the SSL certificate? I know I generally don't. Certainly if it is for my own internal exchange server which I know is legit anyway, I'm just looking for something to save me the hassle of installing self-signed certificates in every browser I use.

2
0
Silver badge
Thumb Up

indeed

we use a dirt cheap SSL cert too - its for OWA and our alfresco portal. Only staff use it anyway so as long as it avoids browser CA rejections we are good to go.

0
0
Bronze badge

Already a trusted CA

StartSSL, free certs, win

2
0
FAIL

But - Offline?

There website is offline for the next four days....

Not something I'd expect from a company running critical infrastructure... What if you need to revoke a cert?

0
0
Silver badge
Thumb Up

indeed

plus is their CA in modern browsers?

IPSCA offer free *wildcard* SSL to education too.

0
0
TJ1
Thumb Up

Already accepted by Mozilla, Chrome, Opera, Microsoft, Apple

(spullin mistax figxed)

Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=633546

Chrome: http://code.google.com/p/chromium/issues/detail?id=48608

Opera: http://my.opera.com/rootstore/blog/2010/07/28/new-roots-new-ev-and-a-new-public-suffix-file

Microsoft: http://social.technet.microsoft.com/wiki/contents/articles/may-2010-root-update-new-cas-and-new-root-certificates.aspx

Apple (iOS 4.1+, OSX 10.6.4+): http://support.apple.com/kb/HT4415

0
0
FAIL

Of course,,,

None of this will do anything to address the fact that the whole SSL certicate chain and "trusted issuer" system is fundamentally broken; the Reg ran an article on exactly this point a month or two ago.

2
0
TJ1
Thumb Up

Already accepted by Mozilla, Chrome, Opera, Microsoft, Apple

Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=633546

Chome: http://code.google.com/p/chromium/issues/detail?id=48608

Opera: http://my.opera.com/rootstore/blog/2010/07/28/new-roots-new-ev-and-a-new-public-suffix-file

Microsoft: http://social.technet.microsoft.com/wiki/contents/articles/may-2010-root-update-new-cas-and-new-root-certificates.aspx

Apple (iOS 4.1+, OSX 10.6.4+): http://support.apple.com/kb/HT4415

0
0
Thumb Down

Never liked GoDaddy myself

GoDaddy may be cheap for SSL certs but the last time I used them they had the sharp practice of defaulting to auto-renewing the SSL and taking the money off me with no warning.

After that debacle, I use Servertastic now - the cheapest UK reseller of RapidSSL certs - buying in batches of 10 or more works out at about 6.50+VAT each. Nice to be billed by a UK company in UK pounds for your SSL certs too!

BTW, b166er, StartSSL.com is "offline until 20th June" - doesn't inspire much confidence in them!

0
0
TJ1
FAIL

StartSSL offline for several days!

Not a great inspirer of confidence in a 'free' provider:

"We apologize for the temporary inconvenience. The service will be offline until Monday, the 20th June 2011. Thank you for your understanding."

http://www.startssl.com/

0
0
Devil

Hidden agenda?

>"AffirmTrust plans to kick off its marketing by giving away three-year basic validation certificates for free. Extended validation certs will cost $450."

Sounds to me like they're trying to make basic (i.e., no) validation even more worthless than it already is, in order to boost the market for the supposedly-more-secure extended validation certs. Commoditize the complement and all that.

The flaw in their plan, of couse, is that a $0 basic validation cert doesn't actually offer your end-users any more or less guarantee of security than a $450 enhanced cert.

The non-flaw in their plan, of course, is that most big web hosts don't actually care about the security of their end-users, and most of their end-users don't know the difference.

0
0
Silver badge

Everyone is going to want SSL soon ...

if the google sponsored SPDY extension to the HTTP protocol comes in. (This is the thing that is supposed to make a 50% improvement in downloading a web page.) SSL is integral to SPDY, ie google is trying to make everyone use SSL all the time -- the speed improvement will be a strong motivator for most people.

0
0
Bronze badge
FAIL

StartSSL

Cert still works, what conclusion have you jumped to?

0
0
Silver badge
Facepalm

yes

but what if you need to *REVOKE* a certificate. Oh its ok, i'll wait till monday. (It is a friday afterall!)

0
0
Silver badge
Unhappy

I just wish...

...it was possible to turn on encryption without certs or warnings. I'm not selling anything, I'm not asking for personal details, but in this day and age the ability to leave the realm of "all in the clear" would be welcomed. My server can SSL, so can my browser. Why is there no "make it so" option that doesn't involve scary warnings from a browser?

0
0
Bronze badge
Stop

DNSSEC, and an SSLkey record type

See title

Then we can forget about all of these dappy certificate issuing bodies and roll our own without warnings - the browser (or other application which wishes to communicate securely) can simply look up the required certificate via a secured sideband transmission.

If we want to get all clever about it then why not add DNSCurve to the list as well, encrypt the DNS queries as well...

0
0

I still miss the Web of Trust

anyone remember the Thawte Web of Trust? For personal certs it was a great idea that scaled well and added the ability to actually sign emails (though not gen SSL certs)

I wonder what the opportunity would be to take that idea though and deploying it for extended validation SSL certs and undercut all these guys

0
0
This topic is closed for new posts.

Forums