Local website purchase SSL or self signed?
-
@Dashrender said:
The reality perhaps is a loss of security, but the hope was that EV would show the consumer that the site went through more rigorous verification process, so you should be able to trust that that they are who they say they are.
I feel like this is one of those things that I would say and people would point out that I'm crazy and a tech and that absolutely zero consumers would understand this or look into it. It's all for the sales, I think, not at all for the security.
I'll call anyone that thinks this crazy
@scottalanmiller is most certainly right here. There is nothing security related here. it is all good marketing allowing cert providers to charge more money for something no one cares about and does zero for security.
-
@JaredBusch said:
@scottalanmiller is most certainly right here. There is nothing security related here. it is all good marketing allowing cert providers to charge more money for something no one cares about and does zero for security.
Agreed 100%. There is zero benefit to having the more expensive certification from a technical standpoint. Probably also zero from a marketing and reputation standpoint.
-
@coliver said:
@JaredBusch said:
@scottalanmiller is most certainly right here. There is nothing security related here. it is all good marketing allowing cert providers to charge more money for something no one cares about and does zero for security.
Agreed 100%. There is zero benefit to having the more expensive certification from a technical standpoint. Probably also zero from a marketing and reputation standpoint.
That would be my guess. I can't see a company touting this in a useful way. How would you present it?
"We spent more on our SSL cert than our competitor."
Customers would say "What's an SSL cert and why are you wasting money on a more expensive one?"
-
@scottalanmiller said:
@coliver said:
@JaredBusch said:
@scottalanmiller is most certainly right here. There is nothing security related here. it is all good marketing allowing cert providers to charge more money for something no one cares about and does zero for security.
Agreed 100%. There is zero benefit to having the more expensive certification from a technical standpoint. Probably also zero from a marketing and reputation standpoint.
That would be my guess. I can't see a company touting this in a useful way. How would you present it?
"We spent more on our SSL cert than our competitor."
Customers would say "What's an SSL cert and why are you wasting money on a more expensive one?"
Not even customers... how would you present this to shareholders? "We spent money on something that has no proven track record of being more secure or more marketable then the cheaper option." Doesn't make sense to me.
-
Well, thankfully minutia like SSL Certs is rarely presented to shareholders
-
@scottalanmiller said:
Well, thankfully minutia like SSL Certs is rarely presented to shareholders
Right... I'm not even sure how much more expensive it is... just seems like it would be one of those... "If they are wasting money on that, what else are they wasting money on?" Situations.
-
Yet many banks and Paypal, eBay, etc all use the EV cert.
-
@Dashrender said:
Yet many banks and Paypal, eBay, etc all use the EV cert.
many people use SAN also. The point is the marketing worked. Not that the solution is correct.
-
uh.. Isn't SAN a different situation altogether?
-
@Dashrender said:
uh.. Isn't SAN a different situation altogether?
No. Both are a waste of money with little true value and hyped or marketed heavily as a good thing.