<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:arial, helvetica, sans-serif;font-size:12pt"><DIV></DIV>
<DIV>The way I approach things like this is that I am not a permanent employee of the company, therefore I do not acquire assets for the company if that asset outlives my tenure. I do this whether that asset has a cost or not. I won't even get a Google Analytics key, which is free. Someone who is permanently with the company must acquire it and provide me with the usage information, such as keys. What are they going to do when that certificate expires, call you back for ten minutes of work?<BR> </DIV>
<P><FONT color=#ff007f size=4 face="bookman old style, new york, times, serif"><EM><STRONG>Nancy</STRONG></EM></FONT></P>
<P> </P>
<P><FONT face="arial, helvetica, sans-serif">Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.</FONT></P>
<DIV><BR></DIV>
<DIV style="FONT-FAMILY: arial, helvetica, sans-serif; FONT-SIZE: 12pt"><BR>
<DIV style="FONT-FAMILY: Courier New, monaco, monospace, sans-serif; FONT-SIZE: 10pt"><FONT size=2 face=Tahoma>
<HR SIZE=1>
<B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Gordon Heydon <gordon@heydon.com.au><BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> Drupal Development <development@drupal.org><BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Mon, February 28, 2011 11:43:49 PM<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> [development] A Rose By Any Other Name... SSL Certs<BR></FONT><BR>Hi,<BR><BR>I have a new client and they require me to get an SSL certificate. Ideally an EV certificate because they detail with financial information (not credit cards) and would ideally require a higher level of identifiable security that what a standard certificate provides.<BR><BR>Usually for clients that do not really require any real security for there website and when a self signed certificate will do, I will use a free certificate from <A href="http://startssl.com/" target=_blank>startssl.com</A>, not only does it give the full security their
certificate authority is recognised by all browsers.<BR><BR>While grabbing a certificate for another client I noticed that they offer an EV certificate for US199 for 2 years, where as <A href="http://thawte.com/" target=_blank>thawte.com</A> (who I usually use when I need a proper certificate) for the same certificate si $US995 for 2 years. and verisign is 1730 for the same.<BR><BR>I know that technically there is zero difference in security between the 2 providers and they will both provide the exact some levels of encryption.<BR><BR>The EV certificate from startssl.com is 1/5 of the price of one from thawte.com so looking that it is a much better financially. but the issue is really "trust". Thawte.com or even Verisign have a much higher level of trust and what startssl.com has. Would a normal person (not like us) really care about this.<BR><BR>Remember also to provide an EV certificate you still need to meet some strict guidelines.<BR><BR>I am
conflicted with this, on the one hand I can provide my client with a financially acceptable option that will give their clients a much higher level of identity, and make sure they are dealing with my client, but on the other hand it is not a thawte/verisign.<BR><BR>Comments please.<BR><BR>Thanks in advance.<BR>Gordon.</DIV></DIV></div></body></html>