Certifiable
I’ve been renewing the certificate for our secure web server. Here’s what that means, in less dense terms: we just paid a company to agree, for a further two years, to confirm that we are who we say we are when you start an encrypted conversation with our server. (It’s easy enough to exchange keys and have an encrypted conversation, but how do you know you’re talking to who you think you’re talking to?)
It reminded me of an article in the June issue of ;login: about an open-source certificate authority which would issue certificates for free. The catch? Very few browsers recognize it as a certificate issuing authority, which means its standing as a verifier of identity is pretty low. It’s easy to add a certificate authority to your browser, but how many people will do that? Probably not the 9x% of the internet using IE.
Meanwhile, there’s an implication that in the IE vs. Netscape days, all it took to be included as a certificate-signing authority was a check with the appropriate number of zeros sent to the software company.
Needless to say, I had a hard time convincing myself that our $300 was well-spent.
Now Playing: Honest Pleasure from Tomorrow by James
![[Swinging off a dragger, Cundy's Harbor, Maine, July 4th, 2003]](/images/cundys_harbor.jpg)
Comments
Unless you conduct a lot of online business reasonable options are to utlise Ebay or Amazon’s existing payment systems. It is a lot cheaper (free, minus a small % transaction fee, which you will be paying anyway to your credit company), you have millions of already-registered users, and people trust it!
Posted by: Monjo | December 2, 2004 5:16 AM