I remember reading a thread on here a long time ago whereby Melih was pretty much laughing about SSL certs signed by CAs, and then he explained how EV certs were different. He was basically saying that any criminal can display a yellow padlock.
Question:
So my question is, why aren’t trusted (by browsers) SSL certs free?
The reason I ask is because I’m currently building a “Security Awareness” Facebook application in PHP which will show Facebook users exactly what data they may be putting at risk when they’re about to install a Facebook application. So I need SSL for security, but I don’t want to pay for security: I’m not asking for a freebie. I’m asking for general advice.
I plan to host my Facebook applications on my local VMware ESXi server.
The “Security Awareness” Facebook application data won’t be stored in a database.
Facebook are forcing app developers to use SSL by 1st October this year.
Exactly, people who work for Comodo have family to feed. Comodo give enough away as it is for free, and in doing so dedicate a lot of resources/money to the cause. You can’t expect them to also offer the revenue side of the business for nothing, surely?
Don’t take offense OP, surely even you can understand this?
You should also be aware that I wasn’t referring to EV certs. And nor was it me who mentioned Comodo staff. I meant all CAs who sign DVs autonomously.
Luckily, Facebook allows self-signed certs. So you can host your Facebook apps locally. Just tell your users to be aware that their browser may warn them that the site’s not “trusted”.
You could punish them by giving out DVs for free. ;D
This could also solve the DV problem. The general consensus would likely become that the “yellow padlock” just means that the connection is secure; and nothing more…
I think it would then be easier for IT people to explain the difference between DVs and EVs.