On Friday, 01/15/2010 at 05:18 EST, David Boyes <dbo...@sinenomine.net> wrote: > Www.cacert.org. A good start to eliminating the excessive pricing charged > for a very small number of bits and one time per year checking that it's > still active. > > I don't mind people making a profit, but it shouldn't be 500% the cost of > providing the service.
It is all about the web of trust. I don't care where other people get their certs or how much they pay for them as long as they are ultimately assured by someone *I* trust. As it turns out, the only entity I actually trust is the OS vendor. I trust Microsoft, for example, not to put just any old CA in the trusted set of certificates on Windows in some service pack. (Few ever look at the certificate chain in their web browsers.) Certificates are great as they provide the authentication, privacy, non-repudiation and convenience many people are looking for. As noted, though, they aren't truly free, no matter how little you pay for the certs themselves. You have to build/buy processes for server admins and individuals to get certs and for the enterprise to manage them. The work doesn't get done by itself. Alan Altmark z/VM Development IBM Endicott
