Verisign has bought Geotrust. For one possible reason why, see Geocert’s “comparison with Verisign” page, and the market share graphs therein. It seems Geocert are a Geotrust reseller; although I don’t know if the similar name denotes a closer relationship. I wonder how long that page will last on their servers? :-)
We already stand in long lines at the airport holding our shoes and now we won’t be able to buy SSL certs at a decent price. I guess the terrorists have won…
Someone should file an antitrust complaint with the Massachests (GeoTrust) or Delaware (Verisign) attorney generals.
I think I’ll just stick to using self-signed ones.
What I really don’t understand is how having more money makes you more secure. It seems the trend is to make SSL certs more expensive… does that really make the net more secure?
Or would it be more secure if they became more affordable to small businesses trying to make it online?
I’d personally like to see more affordable certs become available. So that it’s completely inexcusable for a website to not use it when needed regardless of size and revenue.
Robert: In theory, at least, the money goes towards checking that the company is who they say they are, that the applicant is actually employed by them, and that the company owns the domain in question. Miss out any of these checks, and you could accidentally issue a cert to a fraudster.
That’s in theory. I’m not going to get into what actually happens in practice. I just hope that EV certs improve the situation.
That page has now been pulled from the Geocert site (but the Google cache still exists).
Amusingly one of the questions on that page was “Is VeriSign gaining market share or GeoTrust?”. That sounds like it’s sloppily worded, but with hindsight it can be seen that the answer “VeriSign is gaining GeoTrust” was the right one!