SSL has always been priced on a yearly basis (VeriSign set the industry standard)..... the technology was designed that way....

I have been thinking about different pricing models --- not taking the same industry standard approach.... maybe a little more flexible that allows for monthly payments etc....

But my question is what do you think... How should SSL be priced in a way that is fair to the host, consumer and ssl provider?

I would appreciate any thoughts or ideas.... (as a starter -- free will not work -- unless there is a follow on revenue model that works with free).

I think yearly is fine - $50 to $100 isn't a lot of money after all, considering what a SSL cert is used for. As it works whether there's support for it or not I don't feel monthly fees are worth the trouble.

Side note:
shame we never heard back from you guys regarding reselling your certs... a good thing we don't need support to install them if the lack of response is any indication.

Greg Moore

Greg -- Can you send me an email at nealc@geotrust.com and just let me know what happened with GeoTrust -- I appreciate it...

The only reason I think about monthly fees is that hosts have drop off rates -- but if you collect the money for the SSL cert/ install upfront I guess it is no big deal.

Neal

Originally posted by GeoTrustCEO
just let me know what happened with GeoTrust

nothing happened. I e-mailed regarding having our business resell your certs as mentioned on the website. no response.

But having said that, we still use Geotrust. It works, it's affordable compared to Thawte and their money grab, and getting one is a simple process. We have another server going online next week and we'll be using Geotrust to secure that too.

I think there could be a little work on that enquiry end of things though. Even if it was a simple "No, we don't want you"

Greg Moore

Ok -- fair enough.....

well, everyone is raising SSL prices lately :D

A monthly-quarterly payment on things like wildcarded, and higher priced things, but the price for a general cert is low enough it would be more of a hassle...

Our dilemma is this:

We were recently informed by Thawte that their SSL certificate license requires one certificate for every server. We have a cluster of load-balanced webservers right now, each of which responds to https://secure.modwest.com (and many different customer certs). All the webservers NFS-mount a central fileserver, so each cert is only installed once.

We are concerned that if an SSL provider requires us to have a cert for every server, this will become very expensive very quickly as we grow.

We detailed our grievances to Thawte, and they promptly terminated our reseller account.

We tried InstantSSL, but it really is not supported well enough by Mac/AOL browsers -- we had 3 dozen complaints within 14 hours of switching. Some of the complaints were regarding a complete failure to negotiate an SSL connection (128-bit incapable browsers) and others gave a warning abotu the root CA not being recognized.

Bottom line, we are looking to switch SSL providers.

So we need:

* ability of certs to step down to 40 bit for export version browsers that are incapable of 128 bit SSL
* license requirements that do not include a count of physical load-balanced servers
* good support for 99%+ browsers, including recent versions of IE for Mac


Thanks in advance for any tips or suggestions.

Hi,

Don't most CA's charge licensing fee's if the cert is to be used on more than one server?

Interested to hear what the status quo is.

Cheers,

Yearly subscription is right.

I suggest $50 or $5 mo. for a certificate. Server-wide certificates I'd price at $150, or $15/mo. Just my suggestion.

Frankly, what does a CA do that a certificate should cost so much?
I see a trend to go to free certificates, and think that's what will eventually happen if some of these CA's keep their prices so high.

Me, for $50 or less, I'd probably buy one. If over $50, I'd just use self-sign my own for $0.

We're using SSL certs to secure XML Web Service application servers. Inside a organization, self-signing is fine. But any organization to organization connection needs to be signed a "proper" certificate.

Anything over $50 dollars a year is a heavy operating expense for small companies that just want to expose a Web Service.

Can anyone comment on the array of load balanced webservers licensing question?

We are working on a new pricing model for that....

We have some good suggestions coming in on our site on our web hosting discussion group.... licensing seems to be a hot topic.

i work with web farms, but i don't see any reason for special pricing.

if you have a farm of 10 win2k advanced servers with coldfusion, you have to buy software for each.

just a thought

I'm interesting in the multiple server part too, as we offer free SSL to our customers via a wildcard cert and don't feel like paying $500 for each server that the Wildcard cert services as there may be only 5 or 10 customers per server who actually use it. The idea of the wildcard was to get maximum value from it by using it across all the servers.

Can you tell me which browsers you don't support with your cert? And is there any trial period or money back guaranty? Your cost may be quite good when you compare with Verisign and Thawte but I don't know you well and I think a lots don't either. I think first of all you should promote yourself. By this way maybe you can use monthly ( quarterly or semi-yearly better ) pricing type.

Originally posted by GeoTrustCEO
We are working on a new pricing model for that....

We have some good suggestions coming in on our site on our web hosting discussion group.... licensing seems to be a hot topic.

Neal

I thought you might be interested in InstantSSL wildcard certificate pricing. You are right that the people in the industry need a new pricing for ssl licensing and InstantSSL has a pricing for wildcard certs at $450 each and only $10 for additional servers! This is going to create a serious dent on other CAs revenue!!

Hosty

I don't think InstantSSL is a threat to the industry at all. With all the spamming done by the "Comodo dragon", I wouldn't have one if it was only $1.

The idea of the wildcard was to get maximum value from it by using it across all the servers.

I totally agree. Oh, how I love telling this story and now you all get to hear it too. ;)

April 1998. We had just started hosting and had purchased a wildcard cert from Thawte for $125 for use on a single server with multiple host names. This was before they got bought out by that piece of BS called Verisign. We were happy, they weren't complaining. We renewed once after the initial purchase for $125.

April 2000. Time for second renewal. By this time we had expanded considerably and had about 40 servers using the wildcard certificate. Thawte had been bought out by Verisign in December 1999. We suspected there would be trouble, but Verisign had promised prices wouldn't suddenly go up. What a load of bull! Here's a quote from their email:

February 1, 2000

Dear Thawte Customers and Future Customers:

In December, VeriSign and Thawte announced their intentions
to join forces. We hope this letter addresses any questions
you may have about what this will mean for you.

Please be assured that none of the things you love most about
Thawte will change after the acquisition. This includes:

- Low prices for SSL Server and Personal Certificates
- The people you have dealt with at Thawte
- Our commitment to innovation

VeriSign and Thawte are committed to providing a low entry
price for sites that wish to conduct secure e-commerce using
SSL. In fact, we guarantee that Thawte SSL Server Certificates
will continue to be available to both existing and new customers
for $125 (or less!) at least through February 1, 2001. This
is a firm offer which you can take advantage of at any time
during this period. You can print out this page and save it
as proof of our guarantee.

Well, wouldn't you know it! They wanted to charge us $500 for the wildcard cert renewal in spite of their promise. Oooh, it made me so mad. :angry: Granted, we could afford it, but it's the principle of the matter.

We decided to check out Equifax Secure instead. They were selling certs for $89 each. A dang good deal. I didn't see anything on their site saying we couldn't get a wildcard cert for that price, so I gave it a try. An email came back that said they wanted to charge $1000 for a wildcard cert. Not easily dissuaded from my dash away from all things Verisign, I negotiated it down to $500 since that's what the Versigned version of Thawte was charging for the same thing. All went smoothly during our year of use of the wildcard cert.

April 2001. Sweet! Equifax Secure was honoring the renewal price of $500! We were using the cert as a shared SSL cert for our customers on about 50 servers at this point. We were happy clams and telling all of our customers to ditch Verisign/Thawte and buy their single host certs from Thawte.

April 2002. Bloody moronic frigging pigmy monkies!! GeoTrust had bought out Equifax Secure in September 2001, before our wildcard cert came up for renewal. They tossed the single host cert holders a bone and allowed them to renew for $79 one more time. But, all us wildcard cert holders (we couldn't have been the only one) got a drive-by rubber glove bum frisk from GeoTrust. They suddenly wanted to charge us $500 per physical server claiming that's the way it had always been. :eek: Another load of bull, but this one topped even Verisign. By this time we had 60 or so servers using our wildcard cert for a shared SSL cert that customers could use via directory space. We thought at first that there was some misunderstanding. There was no way that I was going to pay $30,000 dollars for them to garble a bit of text and call it a product. After several heated emails, GeoTrust wasn't budging and didn't care that our previous renewals were only $500.

By this time, Thawte was still charging $500 for a wildcard cert plus something like $200 per additional physical server beyond the first one. This was better than what GeoTrust was offering, but still a bloody rip-off. Verisign, of course, didn't offer wildcard certs.

Our solution? At first, we just bought a QuickSSL cert from GeoTrust to use on our order site and our customers got to use a lovely self-signed cert for their shared SSL or they had to purchase their own cert if they didn't want the pop-up warning for their customers. It obviously ticked a few of our customers off, but what were we to do? I sure as hell wasn't going to fork out $12,300 or more every year for a cert that was being used for shared SSL by our customers.

After a bit of research, we learned that anyone could make their own root CA certificate for signing certs. So, we did. We did the same thing that Thawte did when their root CA cert expired in 2000. We told everyone how to install our root CA cert into their browser so they didn't get the warning. We now offer free cert signing to our customers using our root CA cert. They love it and it didn't cost us one red cent.

If the players in the cert industry are going to play their moronic little games and treat customers like doo doo, then we'll just usurp their business until Microsoft gets enough requests and adds our root CA cert to the new browser releases. Then, they're all going down. They deserve it and I'll show no mercy.

So, who wants their free SSL cert? We'll hook you up if you're a customer. Sorry, can't do it for non-customers because we only do identity verification on customers.:)

Thanks for that, Andrew. Sounds like you've really been thru the game of SSLs. Darn it, you are doing just what I want to do. I wish you would PM me and tell me how to figure this self-signed thing out. If not, I'll get it done somehow on my own.

Paid SSL issuers... I doubt if they even try to verify the businesses are who they say they are. Even if they do, how much is it worth for them just to sign a certificate? Certainly no more than $25. I say we all go self-signed. I really don't think most people check out certificates. Most of the tme, if people see that security lock without a warning, they trust it.

But if you use a self signed certificate, you'll get a warning as a non trusted authority.

the idea of a monthly fee for a wildcard cert useable on as many servers as you want appeals to us.

Originally posted by chrisb
Thanks for that, Andrew. Sounds like you've really been thru the game of SSLs. Darn it, you are doing just what I want to do. I wish you would PM me and tell me how to figure this self-signed thing out. If not, I'll get it done somehow on my own.

Paid SSL issuers... I doubt if they even try to verify the businesses are who they say they are. Even if they do, how much is it worth for them just to sign a certificate? Certainly no more than $25. I say we all go self-signed. I really don't think most people check out certificates. Most of the tme, if people see that security lock without a warning, they trust it.


chrisb, you are right about some of the SSL issuers don't even validate the company yet charge $119 for 200milisecond of computer time!! We all know what cost money is not the signing process but verification of the company. Geotrust is the only CA who do not validate the companies authentication yet they charge $119 for that! InstantSSL is the only company who, I know of, offer full validation of the company, back it up with a warranty and only charge $49. But if you are a hosting company like we are, then they offer discounts so that we can buy it less than $40 per certificate. Now, that aint a bad deal for fully validated 99% browser coverage with warranty. Thawte do not even offer warranty.

Unfortunately, rightly or wrongly the end users have been educated/told to "trust" if they see the yellow padlock. Even though technically ssl is not built to offer identity assurance, this is what the users expect. So until we offer a proper identity assurance infrastructure (which I believe Comodo (instantssl) people are doing with IdAuthority) that could offer identity assurance to end users the meaning of SSL yellow padlock will continue and should continue to mean both identity validation and encryption. Geotrust, by not validating the companies authenticity and issuing SSL certs inspite of this is breaking this trust that users have without resolving the issue of identity assurance! First the problem of identity assurance must be solved so that end users have a means of verifying the legitimacy of the website/company. This is why Gartner has published a report really slating Geotrust for issuing ssl certs without validation. Now, thanks to Geotrust people will trust the yellow padlock thinking that the company legitimacy have been validated and do shopping with that website and only to realize that the company does not exist and is a fraudster! By validating the company you are reducing (not eliminating) the risk of this.

So, at some stage, I personally think that SSL certs should be priced at less than $10 just as an encryption certificate and there should be other mechanisms to verify identity of the website, hence we achieve both identity assurance as well as encryption of the link between the end user and the website. But this should only come about when we can offer Identity Assurance!

Hosty

Jedito. I've seen a couple of secure pages that had no cerificate info and no warnings, so I assumed they were self-signed, or maybe not signed at all??? A previous host of mine, Net Hollywood (gone out of business, now) didn't have a warning on their shared certificate either. ...so I know it CAN be done, just not sure how.

Well, I may still get a Geotrust certificate some day. I really don't care whether they verify the businesses or not. To me, the spamming that Comodo has done is far worse, and I would pay $500 for a certificate before I'd give a known spammer like Comodo, $50. (I have first-hand knowledge that Comodo spams because they have sent me spam at home on many occasions.)

Originally posted by advantagecom


I totally agree. Oh, how I love telling this story and now you all get to hear it too. ;)

April 1998. We had just started hosting and had purchased a wildcard cert from Thawte for $125 for use on a single server with multiple host names. This was before they got bought out by that piece of BS called Verisign. We were happy, they weren't complaining. We renewed once after the initial purchase for $125.

April 2000. Time for second renewal. By this time we had expanded considerably and had about 40 servers using the wildcard certificate. Thawte had been bought out by Verisign in December 1999. We suspected there would be trouble, but Verisign had promised prices wouldn't suddenly go up. What a load of bull! Here's a quote from their email:



Well, wouldn't you know it! They wanted to charge us $500 for the wildcard cert renewal in spite of their promise. Oooh, it made me so mad. :angry: Granted, we could afford it, but it's the principle of the matter.

We decided to check out Equifax Secure instead. They were selling certs for $89 each. A dang good deal. I didn't see anything on their site saying we couldn't get a wildcard cert for that price, so I gave it a try. An email came back that said they wanted to charge $1000 for a wildcard cert. Not easily dissuaded from my dash away from all things Verisign, I negotiated it down to $500 since that's what the Versigned version of Thawte was charging for the same thing. All went smoothly during our year of use of the wildcard cert.

April 2001. Sweet! Equifax Secure was honoring the renewal price of $500! We were using the cert as a shared SSL cert for our customers on about 50 servers at this point. We were happy clams and telling all of our customers to ditch Verisign/Thawte and buy their single host certs from Thawte.

April 2002. Bloody moronic frigging pigmy monkies!! GeoTrust had bought out Equifax Secure in September 2001, before our wildcard cert came up for renewal. They tossed the single host cert holders a bone and allowed them to renew for $79 one more time. But, all us wildcard cert holders (we couldn't have been the only one) got a drive-by rubber glove bum frisk from GeoTrust. They suddenly wanted to charge us $500 per physical server claiming that's the way it had always been. :eek: Another load of bull, but this one topped even Verisign. By this time we had 60 or so servers using our wildcard cert for a shared SSL cert that customers could use via directory space. We thought at first that there was some misunderstanding. There was no way that I was going to pay $30,000 dollars for them to garble a bit of text and call it a product. After several heated emails, GeoTrust wasn't budging and didn't care that our previous renewals were only $500.

By this time, Thawte was still charging $500 for a wildcard cert plus something like $200 per additional physical server beyond the first one. This was better than what GeoTrust was offering, but still a bloody rip-off. Verisign, of course, didn't offer wildcard certs.

Our solution? At first, we just bought a QuickSSL cert from GeoTrust to use on our order site and our customers got to use a lovely self-signed cert for their shared SSL or they had to purchase their own cert if they didn't want the pop-up warning for their customers. It obviously ticked a few of our customers off, but what were we to do? I sure as hell wasn't going to fork out $12,300 or more every year for a cert that was being used for shared SSL by our customers.

After a bit of research, we learned that anyone could make their own root CA certificate for signing certs. So, we did. We did the same thing that Thawte did when their root CA cert expired in 2000. We told everyone how to install our root CA cert into their browser so they didn't get the warning. We now offer free cert signing to our customers using our root CA cert. They love it and it didn't cost us one red cent.

If the players in the cert industry are going to play their moronic little games and treat customers like doo doo, then we'll just usurp their business until Microsoft gets enough requests and adds our root CA cert to the new browser releases. Then, they're all going down. They deserve it and I'll show no mercy.

So, who wants their free SSL cert? We'll hook you up if you're a customer. Sorry, can't do it for non-customers because we only do identity verification on customers.:)

Dear Andrew

I totally agree with what you are saying. I am just about to purchase a Wildcard from a company called Comodo. They have just recently dropped their prices and you can now purchase a WildCard certificate just for $449 and secure unlimited multiple sub domains. The great thing is that for each server after that they are charging just $10, quite incredible if you ask me. There site is www.instantssl.com if this may help you.

Originally posted by chrisb
Well, I may still get a Geotrust certificate some day. I really don't care whether they verify the businesses or not. To me, the spamming that Comodo has done is far worse, and I would pay $500 for a certificate before I'd give a known spammer like Comodo, $50. (I have first-hand knowledge that Comodo spams because they have sent me spam at home on many occasions.)

I am a hosting company, and I have not been spammed by them... but even if I had been, I would have been grateful to know about the cost savings they have provided our company.

I have saved a fortune on wildcards and individual certs.... and just about to offer all my customers free personal digital certs as well.

Your company must be doing much better than mine if you can afford to be ethical on your purchasing.... or are you a GeoTrust reseller!

The way I look at these things is if people contact me about relevant industry stuff ... I don't read it as spam .... send me a mail about cheap holidays and I react badly.

So I think you need to get real!

I do not think our wildcard pricing for server license ir right.

Last week -- folks here told me that FreeSSL should be free for one year. We are making that change today it looks like.

I hear you on server licenses. We are the same people from Equifax --- so you know this was basically a name change to GeoTrust in a move to get outside of Equifax.

If you have any suggestions to improve our pricing or products just send me an email at nealc@geotrust.com.

We are always listening and looking for constructive ways to make improvements.

Neal

Originally posted by GeoTrustCEO
I do not think our wildcard pricing for server license ir right.

Last week -- folks here told me that FreeSSL should be free for one year. We are making that change today it looks like.

I hear you on server licenses. We are the same people from Equifax --- so you know this was basically a name change to GeoTrust in a move to get outside of Equifax.

If you have any suggestions to improve our pricing or products just send me an email at nealc@geotrust.com.

We are always listening and looking for constructive ways to make improvements.

Neal

Neal

its good of you to acknowledge the above. It makes a positive change from your earlier attitude and reluctance in this forum to accept anything or reply to any questions asked. Why not follow InstantSSL folks and make your wildcard pricing as below. They seem to be leading the SSL market.

1)$449 to buy the wildcard cert for a year
2)only $10 for each additional server
3)offer similar multi-year discounts like instantssl folks.


Just some thoughts

Hosty

JFYI, I *am* real. I am not a host. It was pure spam from Comodo.

I am not going to respond to folks from Comodo (sp?) on this board...(ie Hosty) -- all you kinda do is hang out here and comment on them.

but I will respond to constructive comments from Hosts.

We also have a discussion group on our site where hosts can make comments and suggestions.

Regards,
Neal

Originally posted by GeoTrustCEO
I am not going to respond to folks from Comodo (sp?) on this board...(ie Hosty) -- all you kinda do is hang out here and comment on them.

but I will respond to constructive comments from Hosts.

We also have a discussion group on our siet where hosts can make comments and suggestions.

Regards,
Neal

Neal

I am a host ( www.giointernet.com ) and here is a constructive comment from me to you:

Stop lying about your competition. This is driving people away from you. I am a good example. You lied, when questioned you couldn't back up your lies, I lost faith in your company I went to your competition. Not only have you lost a customer, but gained an enemy because you insulted my intelligence. I am not the only one, I know few other hosts who now have moved to instantssl from Geotrust, ask yourself, why?

I hope this is positive enough for you to stand up and take a look at what you are doing.

You are Geotrust's worst enemy!

Hosty

Originally posted by chrisb
JFYI, I *am* real. I am not a host. It was pure spam from Comodo.

out of interest, why would you be reading these forums and even responding if you are not a webhost?
FYI this is http://www.webhostingtalk.com! has your friend Neal (GeotrustCEO) asked you to come and support him, if so, pls help him, he needs it ;)

Hosty

hmmm...

Toasty Hosty......

Originally posted by GeoTrustCEO
hmmm...

Toasty Hosty......

Come on now Neal, stop being childish and answer the questions the web hosts like myself asking you:


1)Back up your statement about: "certificate chaining that can cause issues with some browsers." And tell us which browser has problems with it and what these problems are

2)Tell us why you put lies in the certificates you issue about pretending that you have validated the company identity: your certificates say:”Ensures the identity of a remote computer” just like a fully validated Verisign certificate. This is a dangerous practice and Gartner has warned everyone about it.

You really are not doing any favours to Geotrust by avoiding legitimate questions asked by your own customers in these forums.

Hosty

Toasty Hosty......

why dont you just give me a call...

or send me an email to nealc@geotrust.com.

Originally posted by GeoTrustCEO
Toasty Hosty......

why dont you just give me a call...

or send me an email to nealc@geotrust.com.

why don't you answer the questions?

Hosty

Toasty Hosty ---

Why dont you just call me?

I will not bite you.....chomp chomp

Originally posted by GeoTrustCEO
Toasty Hosty ---

Why dont you just call me?

I will not bite you.....chomp chomp

you are very funny, ha, ha.

just answer the questions.

oh... toasty Hosty....

Did they post you full time to WHT.... How much are they paying you for that...

send me an email and I will send you my cell.... I am more than happy to talk with you guys.... and have pointed out that I wish your company luck.

Neal

Originally posted by GeoTrustCEO
oh... toasty Hosty....

Did they post you full time to WHT.... How much are they paying you for that...

send me an email and I will send you my cell.... I am more than happy to talk with you guys.... and have pointed out that I wish your company luck.

Neal

answer the questions Neal..... plain and simple.

What is the question this time Toasty??

Originally posted by GeoTrustCEO
What is the question this time Toasty??

Neal

its the same question you have been avoiding few weeks, but here it is again for you

1)Back up your statement about : "certificate chaining that can cause issues with some browsers." And tell us which browser has problems with it and what these problems are

2)Tell us why you put lies in the certificates you issue about pretending that you have validated the company identity: your certificates say:”Ensures the identity of a remote computer” just like a fully validated Verisign certificate. This is a dangerous practice and Gartner has warned everyone about it.


Are you going to answer these questions that we have been asking for some time?

Toasty Hosty ---

I have to say -- .... things must be tough in your company..

If you are not competing well -- then you should just change something in your strategy.. Maybe try and get your own Root Key so you can eliminate the chain...

Call me lets chat -- I think this is not amusing to most folks here...

By the way, we just hit almost 15% market share on .com and .net --- and have been very active in the press. GeoTrust is a great company doing extremely well and I am not here to advertise it or bash your company (which I easliy could do, but won't).

You should take a break.


Regards,

Neal

Neal, forgive me for not knowing any back history you may have with other members of this forum....

Could you please answers the questions asked of you to allay any fears myself, and perhaps others, may have regarding the way your company do business.

Hope to hear from you soon

Originally posted by GeoTrustCEO
Toasty Hosty ---

I have to say -- .... things must be tough in your company..

If you are not competing well -- then you should just change something in your strategy.. Maybe try and get your own Root Key so you can eliminate the chain...

Call me lets chat -- I think this is not amusing to most folks here...


Regards,

Neal

please answer the questions asked. There are numerous people who openly asked you to answer them in this forum including one of your customers

here is what he asked you to do along with us all here:

********************************************
Varun Shoor
Web Hosting Guru

Registered: Jul 2001
Posts: 313


Neal,

why not answer the question he asked?

And no I dont work for InstantSSL


__________________
eSupport - Feature Packed & Robust Support System (Supports email+web based interface)
LiveResponse - The Ultimate Live Support Package (Unmatched features & Speed)
http://www.kayako.com
***************************************************


Neal please answer the questions, everyone, including your own customers want you to answer. (or is it cos you can't answer because its all lies and you can't back it up, so its easier to be branded as a brat, unprofessional and childish than a liar I guess ;) )

hosty

I have made it a habit not to respond to competitors on here. Boing you sound like a real host.

The True Site product demostrates Identity with True Biz... IBM runs it Gap runs it kmart runs it Palm runs it, Center for Disease Control (CDC), ABM Amro, Banana Republic, Old Navy,etc.., etc.. so I think if it is good enough for them these companies run both (QuickSSL and True Biz) it is good enough. Don't you agree....

they do their due dilligence pretty well.

Regards,

Neal

oh - Toasty comodo hosty.

go to bed....

Originally posted by GeoTrustCEO
I have made it a habit not to respond to competitors on here. Boing you sound like a real host.

The True Site product demostrates Identity with True Biz... IBM runs it Gap runs it kmart runs it Palm runs it, Center for Disease Control (CDC), ABM Amro, Banana Republic, Old Navy,etc.., etc.. so I think if it is good enough for them these companies run both (QuickSSL and True Biz) it is good enough. Don't you agree....

they do their due dilligence pretty well.

Regards,

Neal

Neal please answer the questions. You have not answered it. there are two questions and none of the questions relate to your True Biz product but your ssl product that you don't do validation on but yet display in the certificate as identity assured. Please explain this.

also answer the other question you have been asked about lies:

here are the questions again and answer the questions and don't avoid them by throwing some other garbage back to muddy the questions (I must admit you are very good at avoiding questions) but here it is again the questions you have been avoiding


1)Back up your statement about : "certificate chaining that can cause issues with some browsers." And tell us which browser has problems with it and what these problems are

2)Tell us why you put lies in the certificates you issue about pretending that you have validated the company identity: your certificates say:”Ensures the identity of a remote computer” just like a fully validated Verisign certificate. This is a dangerous practice and Gartner has warned everyone about it.


Please note that the second question relate to your SSL certificate you issue that has no company validation yet it says in the certificate that "ensures the identity of a remot computer" same message as a fully validated certificate.

hosty

By the way -- for the other folks.....

We just relaunched FreeSSL.com today..... the certs are good for one year....

I think this good news and helpful since we did it in response to feedback here.

I am heading out for the night --- goodnight all.

Originally posted by boing
Neal, forgive me for not knowing any back history you may have with other members of this forum....

Could you please answers the questions asked of you to allay any fears myself, and perhaps others, may have regarding the way your company do business.

Hope to hear from you soon

you will never get an answer from him, I tried! They have been lying about their competitors on their freessl website to convince their customers when customers confront them with questions about competition. They show fressl website and say "look what this site says about competition they have problems" and uninformed customer take their word for it :mad: . We did not want to build a business that relied on lies to get customers and because we (a few webhosts) were slightly informed about the market and did NOT like what they were doing and some of us (ex geotrust resellers) moved to InstantSSL. for under $40 (our buying price) we can buy ssl certs from instantssl folks that has 99% browser coverage, they fully validate and issue pretty quickly. So, actually we now have a much better product (one of the guys who started reselling for Instantssl no longer gets flaming emails from his customers about security warnings from IE5.00 because geotrust is not compatible with IE5.00 which win98 comes with!!!)and a better deal with instantssl. (this is my personal opinion please do your own investigation if choosing an ssl provider, I personally found www.whichssl.com useful for facts. pls bear in mind that this site even though identifies facts, is owned by instantssl folks).

hosty

Originally posted by GeoTrustCEO
By the way -- for the other folks.....

We just relaunched FreeSSL.com today..... the certs are good for one year....

I think this good news and helpful since we did it in response to feedback here.

I am heading out for the night --- goodnight all.

this is useful indeed. Both geotrust and freessl has similar low browser coverage and until today geotrust was charging people $119 for this low compatibility certificates (not compatible with win98, you have to upgrade your root cert so that win98 will trust geotrust certs!). by making freessl free, i strongly suggest instead of paying $119 to geotrust go get freessl for free! Its very similar low browser compatibility for both!

But, if you want a proper certificate that wont cause security warnings, unlike geotrust/freessl certificates, i suggest you get it from, Verisign($350), Thawte ($200) or Instantssl ($49). All three has 99% coverage. (even 1% means 7million people not trusting your website as there are 700Million web users).

Judging by the latest surveys (http://www.securityspace.com/s_survey/sdata/200208/certca.html), I would say that geotrust is doing something right.
If Comodo had any business acumen, they wouldn't of incorporated their company in the UK where the activities of the CAs are subject to legislations such as the RIP act (rightful interception).
The bottom line is there are only few CAs that should be considered for e-commerce and Comodo is not one them. If you have a hobby site or need a certificate for your "control panels", Freessl will serve your needs at no cost.

Well, Geotrust works on my Win98 and I never had to do a thing. It doesn't work on my MSNTV. I tried to discuss it here with Neal and found his answers elusive, so I agree with you on that part, Hosty, but you know how I feel about Comodo too, so I'd pick "none of the above". :)

As far as SSL compatibility numbers go, I seriously doubt if any of them are 99% compatible. Those numbers are just a bunch of sales crap(hype). It's probably more like 71% compatibility. I can almost guarantee you that no CA takes the time to check every browser for their SSL compatibility.

Originally posted by chrisb
Well, Geotrust works on my Win98 and I never had to do a thing. It doesn't work on my MSNTV. I tried to discuss it here with Neal and found his answers elusive, so I agree with you on that part, Hosty, but you know how I feel about Comodo too, so I'd pick "none of the above". :)

As far as SSL compatibility numbers go, I seriously doubt if any of them are 99% compatible. Those numbers are just a bunch of sales crap(hype). It's probably more like 71% compatibility. I can almost guarantee you that no CA takes the time to check every browser for their SSL compatibility.

Chrisb the only time Geotrust was compatible with win98 without upgrading the root certs when they were chaining off Thawte. This is when Geotrust Certs were a good deal. But his stopped a few months back and they started issuing using Equifax root which is only in IE5.01+. Win98 comes with IE5.00, so unless 52% of PC users (thats a huge number) upgrade their root certs Win98 will NOT TRUST GEOTRUST CERTS. THIS IS A FACT!

anyway the issue with the Geotrust crowd is they are prepared to be deceitful and state blatant lies and they don't have the face to answer when questioned. I think this thread have gone long enough.

I have made my point. Geotrust is a lying, deceitful company who is building their business on lies and deceit and even putting their customers at risk because it is their customers who are displaying these deceitful statements on their own website.

I have asked the below questions directly to Geotrust CEO and their Technical guy (Marshall) and none of them answered these questions. Other members of the hosting community, including a Geotrust Customer urged Geotrust CEO to answer it but again he skillfully avoided answering because he knows its a lie.

here are the questions again FYI:

1)Back up your statement about : "certificate chaining that can cause issues with some browsers." And tell us which browser has problems with it and what these problems are

2)Tell us why you put lies in the SSL certificates (that you don't validate) you issue about pretending that you have validated the company identity: your certificates say:”Ensures the identity of a remote computer” just like a fully validated Verisign certificate. This is a dangerous practice and Gartner has warned everyone about it.

Again, I have made my point and exposed Geotrust for what they are, a Deceitful, unethical, Lying company who is building their business on Deceit and Lies.

Hosty

Originally posted by chrisb

As far as SSL compatibility numbers go, I seriously doubt if any of them are 99% compatible. Those numbers are just a bunch of sales crap(hype). It's probably more like 71% compatibility. I can almost guarantee you that no CA takes the time to check every browser for their SSL compatibility.

I wanted to respond to your compatibility question seperately.

Majority of stats tools do not differentiate between IE5.00 or IE5.01+ they simply treat it as IE5.X. This gives an opportunity to likes of Geotrust and Fressl to claim that they are more compatible than what they really are. Considering that over 50% of the PC users have Win98 and Win98 comes with IE5.00 these people will NOT trust Geotrust/freessl roots. They have to go and upgrade their root certs or upgrade the browser.

So in reality you are right with your estimation that Geotrust/freessl are between 70%-75% compatible, especially with Root certs that were included in IE5.01+ where they report misleading figures because they don't differentiate between IE5.00 (which is the bigger user base with Win98) or IE5.01. I know quite a few webhosts who do NOT use SSL certs unless they are compatible with IE5.00 because otherwise they get too many complaints from their customers regarding the security warning etc.

hosty

OK. I upgraded my IE. That's why I didn't have to do anything to get Win98 to accept the new Geotrust certificates.

hmmm... I wonder why Geotrust let their contract with Thawte run out and no longer use a Thawte root certificate???

It sounds to me like Geotrust's incompatibility is really with the browser, not with Win98 directly.

Originally posted by chrisb
OK. I upgraded my IE. That's why I didn't have to do anything to get Win98 to accept the new Geotrust certificates.

hmmm... I wonder why Geotrust let their contract with Thawte run out and no longer use a Thawte root certificate???

I don't think Geotrust had a choice;) Thawte did not want renew it as this time it was Verisign. Geotrust tried to threaten (what I hear thru the grape vines) Thawte but Geotrust is too small to threaten a company like Verisign. I can't blame Verisign, I would do the same, why should they let Geotrust sell certs at same quality as themselves and allow geotrust undercut them.

hosty

Originally posted by chrisb
It sounds to me like Geotrust's incompatibility is really with the browser, not with Win98 directly.

Well, technically speaking incompatibility is with whatever is stored in your root cert folder. The question is how this gets updated and how to measure the percentage of compatible internet users with a specific ssl provider. As I said in my previous posting the majority of the web stats tools do not differentiate between IE5.00, or IE5.01. Win98 comes with IE5.00, so in order to calculate who are compatible with geotrust certs you have to calculate how many win 98 users are out there and how many might have upgraded and then somehow combine it with weblogs but don't use IE5.X from your weblogs but replace this with percentages you get from percentages of Win98 users who might have upgraded their root cert (either thru patches or thru browser upgrades).

It is long winded and not many people know how to do this, and this is why likes of Geotrust, freessl etc claim they have a 90% browser coverage because they include in their stats IE5.00, and we know they are not compatible with IE5.00

hosty

this compatibility is also assuming that all users to the site are using windows and IE.

e.g. i run one site that caters largely to the amiga market, in this market windows is only used in a small proportion.

unless all browsers on different platforms are checked i don't see how anyone can claim 99% compatibility.

just because windows runs on XX% machines doesnt mean that your customers are using it.

i would much prefer a comprehensive list of what browsers, including versions, work with a cert.

my 2 cents

Originally posted by boing
this compatibility is also assuming that all users to the site are using windows and IE.

e.g. i run one site that caters largely to the amiga market, in this market windows is only used in a small proportion.

unless all browsers on different platforms are checked i don't see how anyone can claim 99% compatibility.

just because windows runs on XX% machines doesnt mean that your customers are using it.

i would much prefer a comprehensive list of what browsers, including versions, work with a cert.

my 2 cents

fully agreed. We need an indepedently audited browser coverage report! I really CANNOT believe Geotrust has more than 80% compatibility.

Is there anywhere anyone know about an indepedent report about browser coverage of SSL providers?
Cos, Geotrust seems to change the "FACTS";) on their website according to what their competitors announce:D
funny really.

hosty

Originally posted by hosty


Cos, Geotrust seems to change the "FACTS";) on their website according to what their competitors announce:D
funny really.

hosty
First, let me assure you that Geotrust has only Verisign as a competitor and no one else. As a matter of fact they sold more certificates in the last month than Entrust did during it's entire existence.
If you are in any way implying that what's good for the likes of IBM and PALM is not good for other businesses, then you sir once again are are talking out of you rear end.

Originally posted by Marshall

First, let me assure you that Geotrust has only Verisign as a competitor and no one else. As a matter of fact they sold more certificates in the last month than Entrust did during it's entire existence.
If you are in any way implying that what's good for the likes of IBM and PALM is not good for other businesses, then you sir once again are are talking out of you rear end.


GeoTrustCEO

"I have made it a habit not to respond to competitors on here."
09-04-2002 11:32 PM



GeoTrustCEO oh - Toasty comodo hosty. go to bed....



GeotrustCEO “I have made it a habit not to respond to competitors on here”

Have a look at your CEO’s (its you Marshall ;) ) childish responses in this very thread, he says Comodo is a competitor. His only reason to avoid direct questions asked about the LIES YOU DISPLAY on your website was because your Competitor (Comodo) was asking the question. I was merely quoting your CEO when I used the word competitor. Anyway, I don’t believe Comodo gives a sh*t about Geotrust. Everyone now knows that Geotrust has simply become a “Glitch in the SSL History” whose future is widely known to be in doubt especially after laying off their people ;).

Also, why are you hiding behind the nickname of Marshall (Geotrust CEO), you seemed to be very knowledgeable about last months sales for Geotrust which is not public information ;)

Again, you people at Geotrust just can’t help lying, and trying pathetically to mislead people by contradicting yourselves, even in the same thread! Now, that’s some achievement ;)

You (Geotrust) used to sell Certs that was from Thawte Root key. This is what gave you a good coverage. You NO LONGER use Thawte root key and you DO NOT inform your customers of this FACT letting them believe that you still have the coverage you had in the past. This makes your coverage no more than 80% in my opinion. You are not even compatible with IE.5.00 which Win98SE came with. Over 50% of the market use win98!

That means, “NO WIN98 MACHINE WILL TRUST GEOTRUST CERTS UNLESS USERS UPGRADE THEIR ROOT KEY!” This is a fact.

here is a direct question:

Marshall the Geotrust CEO, can you dispute this fact?

hosty

I just read your post, not even the replys below but let me tell you one thing:

I am surprised that you as the CEO of a company like GeoTrust or the company itself don't have a business plan to market their products. I am a happy customer of yours since more than one year (unfortunately the Cert just expired). You should NOT come here to ask us what we think about SSL pricing. Do your homework instaed and get other managers of your company involved. Check around, offer competitive pricing a good product and good support, that's the way it works.

Good luck.

Originally posted by GeoTrustCEO
SSL has always been priced on a yearly basis (VeriSign set the industry standard)..... the technology was designed that way....

I have been thinking about different pricing models --- not taking the same industry standard approach.... maybe a little more flexible that allows for monthly payments etc....

But my question is what do you think... How should SSL be priced in a way that is fair to the host, consumer and ssl provider?

I would appreciate any thoughts or ideas.... (as a starter -- free will not work -- that is what freessl.com is for -- unless there is a follow on revenue model that works with free).

Originally posted by hosty


Everyone now knows that Geotrust has simply become a “Glitch in the SSL History” whose future is widely known to be in doubt especially after laying off their people ;).

Also, why are you hiding behind the nickname of Marshall (Geotrust CEO), you seemed to be very knowledgeable about last months sales for Geotrust which is not public information ;)


hosty Here's (http://www.securityspace.com/s_survey/sdata/200208/certca.html) some public information that proves once more that you're talking out of your rear end.
I know Freessl (http://www.freessl.com) has come as a bit of a shock to you, so in a way I understand your anger.

Originally posted by Marshall
Here's (http://www.securityspace.com/s_survey/sdata/200208/certca.html) some public information that proves once more that you're talking out of your rear end.


just answer the question Marshall (Geotrust CEO)

here is the question again:

"...That means, “NO WIN98 MACHINE WILL TRUST GEOTRUST CERTS UNLESS USERS UPGRADE THEIR ROOT KEY!” This is a fact.

here is a direct question:

Marshall the Geotrust CEO, can you dispute this fact? "

go on then, can you dispute this fact?

Hosty

hehe, nice flaming, good to know.

btw, when did geotrust stop using thawte cert for signing their certs?

Originally posted by apollo
hehe, nice flaming, good to know.

btw, when did geotrust stop using thawte cert for signing their certs?

they had to stop using it before 10th June 2002.

I didn't realize geotrust was NOT trusted by Opera either!!!

hosty

Originally posted by Marshall
Here's (http://www.securityspace.com/s_survey/sdata/200208/certca.html)

I know Freessl has come as a bit of a shock to you, so in a way I understand your anger.

this is a joke right:D

BTW, I also expect Geotrust Certs to be free! Cos, they are no use to anyone! They are not trusted, not validated, the best thing you can do is give it for Free to everyone!

did you know that 66.5 Million Internet users do not trust Geotrust certs! check out

WhichSSL Browser Compatibility (http://www.whichssl.com/faq/compatibility.html)

Come to think of it, you should pay the people who use your certs as they risk loosing customers because Geotrust certs are NOT TRUSTED.

hosty

Originally posted by hosty


they had to stop using it before 10th June 2002.

I didn't realize geotrust was NOT trusted by Opera either!!!

hosty
I have to admit that there is no limit to the amount of garbage you can come up with.

Originally posted by hosty


this is a joke right:D

BTW, I also expect Geotrust Certs to be free! Cos, they are no use to anyone! They are not trusted, not validated, the best thing you can do is give it for Free to everyone!

did you know that 66.5 Million Internet users do not trust Geotrust certs! check out

WhichSSL Browser Compatibility (http://www.whichssl.com/faq/compatibility.html)

Come to think of it, you should pay the people who use your certs as they risk loosing customers because Geotrust certs are NOT TRUSTED.

hosty
Since Whichssl is run by Comodo, any information on that site is to be regarded as garbage.

I wonder how much thawte or baltimore charge for signing root cert?

Originally posted by apollo
I wonder how much thawte or baltimore charge for signing root cert?

I doubt if they offer it as a service anymore. From what i know, thawte did the signing before they became part of verisign, when they were smaller.

I see, but how about Baltimore?

Well I just tried Marshall and the info is correct, Opera does not trust the GeoTrust Cert that we purchased, so there's no denying it or avoiding the question.

Originally posted by KDAWebServices
Well I just tried Marshall and the info is correct, Opera does not trust the GeoTrust Cert that we purchased, so there's no denying it or avoiding the question.

oops... I see it as an end...

Well, that's 2 browsers that Geotrust certificates are not compatible with, Opera and MSNTV. I wonder how many other browsers they are not compatible with.

Price: $25 a year for a signed certificate seems fair to me.

Note: Entrust is fairly compatible, and you can get one of theirs at Tucows for $119/yr. It beats Thawte for $200/yr, and just as compatible I think.

OpenSRS use GeoTrust now, as we just got our SSL cert through our OpenSRS account.

Originally posted by apollo
I see, but how about Baltimore?

i doubt very much if they are anything less than a few hundred thousand dollars a year.

Originally posted by chrisb
Well, that's 2 browsers that Geotrust certificates are not compatible with, Opera and MSNTV. I wonder how many other browsers they are not compatible with.


whichssl people have prepared a page that displays stats in a nice form obtained from an independent source

whichssl browser compatibility (http://www.whichssl.com/faq/compatibility.html)

check it out. interesting way of presenting the data;)

hosty

Originally posted by KDAWebServices
OpenSRS use GeoTrust now, as we just got our SSL cert through our OpenSRS account.

I believe you, but that's strange. I just saw that 2 days ago, and thought tucows used Entrust. Anyway, Entrust is still good, and cheaper than Thawte.

They used to use them as we did some certs a couple of months back through them, then we went to get ours, thinking it would be Entrust and it turned out to be GeoTrust.

Originally posted by KDAWebServices
They used to use them as we did some certs a couple of months back through them, then we went to get ours, thinking it would be Entrust and it turned out to be GeoTrust.

tucows did a deal with geotrust recently (why? what possessed them? I don't know). geotrust had announced it recently on their website.

hosty

As they say, "money talks" :)

Hosty,
With all due respect, I'm not sure if I trust your stats since they are biased if you sell instantssl. Do you just resell them or do you work for comodo or instantssl?

However, it is good that you are bringing these things to the light.

Originally posted by chrisb
Hosty,
With all due respect, I'm not sure if I trust your stats since they are biased if you sell instantssl. Do you just resell them or do you work for comodo or instantssl?

However, it is good that you are bringing these things to the light.

chrisb, I have always indicated my position about being an InstantSSL reseller (well, i use it for my customers only).

Anyway, I don't think its their stats, the stats are from:
GoStats (http://gostats.com/gogi/browser_war.pl?mn=gostats&all=t)
which is an independent source. all whichssl has done is to display it in an easy to read format. Please feel free to check the stats yourself and let us know if you find anything different.

this is what they say on their website:
"The following table specifies which SSL Provider is trusted by which browser version of Internet Explorer, Netscape and Opera. Based on independent sample statistics (GoStats), we have determined the browser ubiquty of each SSL Provider based on their presence (or lack of presence) in each browser."


"However, it is good that you are bringing these things to the light"
Thanks chrisb, my intention has always been: lets throw all the "facts" up in air and lets see which ones hit the floor quickest ;) . I have been fed enough bullsh*t to last me a life time, I have developed an acute allergy against it, if you know what I mean;)

hosty

Originally posted by hosty


chrisb, I have always indicated my position about being an InstantSSL reseller (well, i use it for my customers only).

hosty
Sorry, I think you told me that before but I had forgot. If that's the case, then I'd consider your bias almost nil.

Anyhow, it really surprises me that InstantSSL (Comodo) certificates are more compatible than Geotrust. I'm beginning to believe that Geotrust was never affiliated with Equifax. Equifax is a large and well-respected American company, and Geotrust doesn't appear to fit that model. Maybe that's why Equifax didn't want that division anymore?

And KCDWorks, I found that on a host site where they sold Entrust certificates for $119, so no doubt that has changed. Thanks for the info.

I have sat back and let the competitors here say things most of which I will not respond to as it turns into a mudslinging match. We believe in putting our money where our mouth is… So, here is all the response I feel that we need to give:

Some of our competition has stated:

-Wiith their Baltimore relationship they now have a better cert at a cheaper price (even though it is chained).
-That “chaining” is just as good as non-chained certs



Response:

FreeSSL.com now has the same relationship that Comodo InstantSSL does with Baltimore. Our new ChainedSSL certificates are chained to the same Baltimore 2006 Root CA that Comodo chains to (same ubiquity). Like InstantSSL, these certificates are chained and our price for them is more competitive.

We will continue to offer FreeSSL on freesssl.com as well as ChainedSSL.

Regards,

Neal

I consider this only a response to numerous post by Comodo only all over WHT..

Wow, Neal! Thanks for posting that. I think you just blew Comodo out of the water! ...LOL

So, does your new $25 chained certificates have greater compatiblity than the unchained ones?

Originally posted by chrisb
Wow, Neal! Thanks for posting that. I think you just blew Comodo out of the water! ...LOL

So, does your new $25 chained certificates have greater compatiblity than the unchained ones?

"So, does your new $25 chained certificates have greater compatiblity than the unchained ones?"

YES it does: Check out www.whichssl.com

But, good move Neal. I hope you will also offer full and proper validation with your certificates. Please let the forum members know whether you are offering full and proper validation or not as we all know Comodo for the price they charge do offer full and proper validation a lot faster than anyone in the market today. Afterall Geotrust charge $40 for proper validation (Quickssl: No validation $119 --- QuickSSL Premium with validation plus (a few days) $159).

Also, I would be very interested in finding out any browser that uses only ssl version 2 that geotrust certs would work with without first upgrading the browser? Please let us know which browsers these are because for Geotrust Certs to work with ver 2 SSL browsers, they need upgrading first.

Because on your site you state:

"Like the instantssl product this uses chained technology and does not work with browsers or servers that do not support or properly implement the SSLv3 protocol. If this is an issue for you, we suggest that you use the FreeSSL product or purchase certificates from VeriSign, GeoTrust, Thawte or directly from Baltimore Technologies."

This statement is untrue because any browser that only use SSL v2 will not TRUST Geotrust Certs hence need upgrading.

So, please tell us which browsers that use Version 2 SSL only and tell us if these browser would Trust Geotrust Certs without first upgrading them?

We look forward to your reply.

hosty

Boy, Hosty!... sounds like you've sure done your homework about SSL

Anyway, if Geotrust new $25 chained certificates have a Baltimore root like Comodo's, then they are more compatible than their more expensive ones. This makes no sense to me... more compatibility for less money.

I still don't know whether to buy stock in Comodo or Geotrust. :)

Stock? I'm still pondering over certs never mind stock.

Well, so far, it looks to me like Geotrust is the better choice with the lower price and it being a USA-based company.

I don't think most buyers care much about whether they are validated. They probably prefer less to no validation since many have had so many validation problems with the likes of Thawte.

Hey, Mr. Geotrust, do you have a URI that I can test one of those new chained certificates?

BTW, I have nothing against Hosty or Geotrust. I'm just trying to find out the facts. That's all.

Originally posted by chrisb
Well, so far, it looks to me like Geotrust is the better choice with the lower price and it being a USA-based company.

I don't think most buyers care much about whether they are validated. They probably prefer less to no validation since many have had so many validation problems with the likes of Thawte.

Hey, Mr. Geotrust, do you have a URI that I can test one of those new chained certificates?

BTW, I have nothing against Hosty or Geotrust. I'm just trying to find out the facts. That's all.

they don't have it yet!

Originally posted by chrisb
Boy, Hosty!... sounds like you've sure done your homework about SSL

Anyway, if Geotrust new $25 chained certificates have a Baltimore root like Comodo's, then they are more compatible than their more expensive ones. This makes no sense to me... more compatibility for less money.

I still don't know whether to buy stock in Comodo or Geotrust. :)


"Anyway, if Geotrust new $25 chained certificates have a Baltimore root like Comodo's, then they are more compatible than their more expensive ones. This makes no sense to me... more compatibility for less money."

Bloody good point mate! Exactly the marketing gimmick Geotrust is trying to create! Trying to fool people into thinking "it can't be" "its good to good to be true" and go buy their more expensive products! This is why they try very hard with this non-existent "chaining issue" that does NOT apply to any browsers we use today! They are talking about IE 1.00 or 2.00 which ran ssl v.2 only! Geotrust certs are not trusted by these browsers anyway, so they would require upgrading if you want to use geotrust certs! The reason why they don't explain and try to muddy the water is because once you see through, there is nothing behind! Again, they are lying on their website!


"I still don't know whether to buy stock in Comodo or Geotrust. :)"

well, think about what each company is made of:

Geotrust: Only an SSL provider
Comodo: SSL provider, Identity assurance infrastructure, Serviced EPKI, R&D Lab and many more products and services on the pipe line. They are not a "one product company" (sharing my homework with you here chrisb;) ) unlike geotrust.

Who is hurting in the market place? I don't see Comodo, lying on their website, laying off people, sacking their head of sales (this alone should tell you something), CEO taking the job of sales, marketing, engineering etc, and most importantly I don't see Comodo trying to mimic/copy geotrust. How did that saying go..... Copying someone is the best flattery etc.... The actions of geotrust can only be attributed to desperation! Do you really think they can make money on a $25 cert! They claimed to have sold 40,000 (a bit inflated and should be more like 12000 but, hey lets calculate on that number give Neal a break on the facts afterall he is factually challenged ;) ) thats a $1M turnover on selling 40,000 $25 certs ! Do you really think their investors invested $25M on Geotrust so that Neal would bring in $1M worth of revenue? That doesn't even pay Neal's salary! I am a webhost and even I don't think $1M turnover (not even profit) is good enough return for investing $25M ;) If you allow resellers sell it then they have to offer like $10 per cert! If they take over the whole market and issue 200,000 certs, thats a $2M turnover still! The math don't add up, does it!

You see if Geotrust goes down the root of non-validating the companies and issue SSL without validation then Identity assurance (identity site seals etc) will be very important. Well, the Geotrust solutions (site seal) DO NOT WORK! Let me explain, because they serve the seals from their servers, everytime you load your webpage with that seal, you have to go and get the seal from their servers! This is a NO NO for many sites. Last thing you want is to degrade the time it takes for people to see your main web page. We make money from that page and can't afford to slow it down! Whereas Comodo's solution is very (very) neat. I personally like it as it causes zero degradation of the website and offer much more validation of the entity! So you see, again I feel that Comodo is better equipped to offer the solutions we need and do it responsibly and properly and I feel that they have a very sensible price point.

Now I had time think about it, this will back fire on Geotrust! You will see what I mean:D

So far, still Comodo for me.

Hosty

chrisb, I think you can now call Geotrust spammers for spamming this forum then ;)

Its official.

hosty

Originally posted by GeoTrustCEO

...marketing blurb by Geotrust....


Neal

<<Post Edited: And you've also spammed the forum with many instances of this message, promoting your new product. We ask members NOT to support board spammers. Please choose a company which does NOT spam the forum.>>

Neal

Please stop treating us with disrespect. Posting this message many times in these forums is a clear indication of your intention to SPAM.

You have in the past came to these forums made statements and when confronted with questions you disappeared without answering them. And now when you think you have an advertisement, you come and spam the forum.

Please immediately apologise for this unacceptable behaviour.

Hosty

I noticed GeoTrust spamming earlier, they just lost my business, about $1k worth, maybe not a lot to them, but it all adds up.

Originally posted by KDAWebServices
I noticed GeoTrust spamming earlier, they just lost my business, about $1k worth, maybe not a lot to them, but it all adds up.
Thanks for letting us know. Bye bye goes my business when it turns the time to renew.

Hosty

Before you accuse me again of lying or working for Geotrust, I would like to remind you and everyone else who fell for what you said about me, that I have been a member of this board for two enjoyable years, during which I have never spammed, lied, advertized, or bashed a company that did not deserve it. A simple search on my modest posts will attest to the above.

If you are wondering why I do not see eye to eye with you, I'd suggest you have a look at your first post where you defended spam from the company that landed crap on my inbox.

The problem as I see it got worse when you decided to spam this forum and insult anyone who does not agree with you. There is no way you can deny the fact that all your posts are related to Comodo in one way or another.

Since I love playing devil's advocate, let me try and clarify some of the concerns you seem to have regarding the SSL issue

Originally posted by hosty

I hope you will also offer full and proper validation with your certificates.
SSL offers small and medium businesses a mean to secure their sites on the Internet and to offer users of these sites a transmission of cryptographically encrypted messages over HTTP and that's it.
Verisign invented the validation bull****, why should you buy what you don't need?

Also, I would be very interested in finding out any browser that uses only ssl version 2 that geotrust certs would work with without first upgrading the browser? Please let us know which browsers these are because for Geotrust Certs to work with ver 2 SSL browsers, they need upgrading first.

Because on your site you state:

"Like the instantssl product this uses chained technology and does not work with browsers or servers that do not support or properly implement the SSLv3 protocol. If this is an issue for you, we suggest that you use the FreeSSL product or purchase certificates from VeriSign, GeoTrust, Thawte or directly from Baltimore Technologies."

This statement is untrue because any browser that only use SSL v2 will not TRUST Geotrust Certs hence need upgrading.


hosty
You are not making sense. All they said is that the chained technology does not work with browsers or servers that do not properly implement the SSLv3 protocol.

What does that got to do with the geotrust certs?

Originally posted by hosty



"Anyway, if Geotrust new $25 chained certificates have a Baltimore root like Comodo's, then they are more compatible than their more expensive ones. This makes no sense to me... more compatibility for less money."

Bloody good point mate! Exactly the marketing gimmick Geotrust is trying to create! Trying to fool people into thinking "it can't be" "its good to good to be true" and go buy their more expensive products! This is why they try very hard with this non-existent "chaining issue" that does NOT apply to any browsers we use today! They are talking about IE 1.00 or 2.00 which ran ssl v.2 only! Geotrust certs are not trusted by these browsers anyway, so they would require upgrading if you want to use geotrust certs! The reason why they don't explain and try to muddy the water is because once you see through, there is nothing behind! Again, they are lying on their website!
Have a look at my previous post regarding your confusion about what they said.



Well, the Geotrust solutions (site seal) DO NOT WORK! Let me explain, because they serve the seals from their servers, everytime you load your webpage with that seal, you have to go and get the seal from their servers! This is a NO NO for many sites. Last thing you want is to degrade the time it takes for people to see your main web page. We make money from that page and can't afford to slow it down! Whereas Comodo's solution is very (very) neat. I personally like it as it causes zero degradation of the website and offer much more validation of the entity! So you see, again I feel that Comodo is better equipped to offer the solutions we need and do it responsibly and properly and I feel that they have a very sensible price point.

Now I had time think about it, this will back fire on Geotrust! You will see what I mean:D

So far, still Comodo for me.

Hosty
You obviously don't have any idea about what the site seal is for and how it is supposed to work.

Originally posted by hosty


Neal

Please stop treating us with disrespect. Posting this message many times in these forums is a clear indication of your intention to SPAM.

You have in the past came to these forums made statements and when confronted with questions you disappeared without answering them. And now when you think you have an advertisement, you come and spam the forum.

Please immediately apologise for this unacceptable behaviour.

Hosty
Shouldn't you be the one doing all the apologies for the content of your 108 posts that promoted comodo, defended spam from comodo, insulted anyone who does not like comodo, and bashed any company that threatens comodo?

Well, Hosty... Comodo spammed my email and Geotrust never has. To me, that's worse than spamming a forum, though that's not good either.

Let's just theorize for a moment that Geotrust has not been truthful. To me, spamming is worse than being dishonest... as much as I loathe dishonesty.

Originally posted by Marshall
Hosty

.....during which I have never spammed, lied, advertized, or bashed a company that did not deserve it.

Since I love playing devil's advocate, let me try and clarify some of the concerns you seem to have regarding the SSL issue

SSL offers small and medium businesses a mean to secure their sites on the Internet and to offer users of these sites a transmission of cryptographically encrypted messages over HTTP and that's it.
Verisign invented the validation bull****, why should you buy what you don't need?


You are not making sense. All they said is that the chained technology does not work with browsers or servers that do not properly implement the SSLv3 protocol.

What does that got to do with the geotrust certs?

I never claimed you Marshall spammed (unless you forgot to use your other name GeotrustCEO). It is official that Geotrust (GeotrustCEO) HAS SPAMMED THIS FORUM.

Plus, I love the way "Marshall" comes to the rescue everytime GeotrustCEO F*cks up :)

"You are not making sense. All they said is that the chained technology does not work with browsers or servers that do not properly implement the SSLv3 protocol."

You see, this sh*t you (Geotrust) people try to throw into market place! Why don't you tell us simply:

WHICH BROWSERS HAVE A CHAIN ISSUE?

Why are you so incapable of answering this simple question. Tell us the name and version of the browsers?

Since you are very knowledgeable about geotrust products: While I have got you answer this question as well:

Does your site seal (Geotrust site seal whatever its called) need to be uploaded from your servers everytime the page displaying it gets uploaded?

This is an important issue because people using these site seals are going to suffer performance degradation as some users will wait extra time to load the page waiting Geotrust to serve the graphic from their servers.

Before you guys go around and pathetically attempting at creating FUD by throwing misleading remotely technical looking issues around in order to sell your inferior products, first look around and make sure there are no techies who could turn and shove those FUD up your a*se!

hosty

Originally posted by hosty


Neal

Please stop treating us with disrespect. Posting this message many times in these forums is a clear indication of your intention to SPAM.

You have in the past came to these forums made statements and when confronted with questions you disappeared without answering them. And now when you think you have an advertisement, you come and spam the forum.

Please immediately apologise for this unacceptable behaviour.

Hosty

Neal

We are still waiting for your apology.

Hosty

Where did Geotrust spam this forum? I think I missed it. If you're talking about this thread, I went back and read it, and they just responded to your accusations. That is not spamming to me.

<EDIT>
I can understand Geotrust replies, but I don't understand yours, Hosty. Unless you are Comodo, why is it so important to put Geotrust down? What have they done to you? It seems like a host that just resells Comodo's certificates wouldn't be so intense in this argument.
Also, is the F word really necessary?

It wasn't -spam-, at least I don't think it was.

Originally posted by chrisb
Where did Geotrust spam this forum? I think I missed it. If you're talking about this thread, I went back and read it, and they just responded to your accusations. That is not spamming to me.

<EDIT>
I can understand Geotrust replies, but I don't understand yours, Hosty. Unless you are Comodo, why is it so important to put Geotrust down? What have they done to you? It seems like a host that just resells Comodo's certificates wouldn't be so intense in this argument.
Also, is the F word really necessary?

**************************************************
FreeSSL.com now has the same relationship that Comodo InstantSSL does with Baltimore. Our new ChainedSSL certificates are chained to the same Baltimore 2006 Root CA that Comodo chains to (same ubiquity). Like InstantSSL, these certificates are chained and our price for them is more competitive.

We will continue to offer FreeSSL on freesssl.com as well as ChainedSSL.

Regards,

Neal

<<Post Edited: And you've also spammed the forum with many instances of this message, promoting your new product. We ask members NOT to support board spammers. Please choose a company which does NOT spam the forum.>>


Last edited by Chicken on 09-14-2002 at 10:07 PM

***************************************************

If you look at it it was edited by Chicken because it was a spam and forum members advised not to support board spammers!
No denying it, is there!

hosty

Originally posted by chrisb
Where did Geotrust spam this forum? I think I missed it. If you're talking about this thread, I went back and read it, and they just responded to your accusations. That is not spamming to me.

<EDIT>
I can understand Geotrust replies, but I don't understand yours, Hosty. Unless you are Comodo, why is it so important to put Geotrust down? What have they done to you? It seems like a host that just resells Comodo's certificates wouldn't be so intense in this argument.
Also, is the F word really necessary?

chrisb, what applies to you, applies to me: you did it in this thread slamming Comodo cos you were at the receiving end of their mistake when they sent out emails out to people. This was wrong and they have apologised for it many times in this forum. I was at the receiving end of disrespectful, cunning geotrust. They thought they could lie thru their teeth to win my business (small but it all adds up). When I realised the FUD they were throwing in this forum I challanged them to back up their statements. I asked them questions, they NEVER ANSWERED! Does it matter who makes liars eat their own words?

You can only treat people with disrespect and insult their intelligence for a while, then there will be consequences. Chrisb, you have taken part in the discussions and please let us know if they answered the questions I have asked them about their FUD:

1)They talk about chaining issues: Give us the name and version of the browser that has this alleged chaining issue
2)their site seal: Please tell us if the site seal needs to be loaded up from geotrust servers everytime the page is loaded by an end user.

Chrisb, can you ask them to answer the questions? Again if you look at the threads even their own customers have asked Geotrust to answer the questions, yet they have failed to do so.

Why are you asking me to let go off these guys who have treated this forum like we are idiots, spammed us and never answered our questions?

hosty

IMHO, from what I saw he was responding to you, not spamming. From all the lengthy accusations, I think he should be able to fully explain his side. Of course, I don't know what Chicken deleted from his post, and what made Chicken come to that conclusion. Since we don't know all of things Chicken based that on, how can we come to that conclusion? Maybe you can, but I can't.

No, GeoTrustCEO started a new thread in one of the forums to announce the new SSL product - that is spamming.

I see. Where is the thread? I couldn't find it.

Originally posted by chrisb
I see. Where is the thread? I couldn't find it.

i assume Chicken removed all the other unneccsary instances of it and left the only instance of the advert on this thread.

It's most likely been deleted, but I definately saw it as I was going to report it, but I didn't have any of the mods on ICQ.

Originally posted by hosty


I never claimed you Marshall spammed (unless you forgot to use your other name GeotrustCEO).
For once in your life, why don't you do the decent thing and contact the mods who will tell you that the above simply cannot be as I happen to be in a different continent altogether
Plus, I love the way "Marshall" comes to the rescue everytime GeotrustCEO F*cks up :)
You mean everytime you slam a company that as far as I know has done nothing to you.


"You are not making sense. All they said is that the chained technology does not work with browsers or servers that do not properly implement the SSLv3 protocol."

You see, this sh*t you (Geotrust) people try to throw into market place! Why don't you tell us simply:

WHICH BROWSERS HAVE A CHAIN ISSUE?

Why are you so incapable of answering this simple question. Tell us the name and version of the browsers?
If you are not familiar with the SSLv3 protocol, I suggest you do some homework or hire professionals who will shed some light on what appears to be confusing you.

Since you are very knowledgeable about geotrust products: While I have got you answer this question as well:

Does your site seal (Geotrust site seal whatever its called) need to be uploaded from your servers everytime the page displaying it gets uploaded?

This is an important issue because people using these site seals are going to suffer performance degradation as some users will wait extra time to load the page waiting Geotrust to serve the graphic from their servers.
One of the purposes of the site seal is to prevent site spoofing by making the actual icon difficult to reproduce. Geotrust's smart seal is the best on the market as it embeds your company's name, date, and time stamp.
Of course it needs to be uploaded from the Geotrust's servers, otherwise it becomes pointless.

Before you guys go around and pathetically attempting at creating FUD by throwing misleading remotely technical looking issues around in order to sell your inferior products, first look around and make sure there are no techies who could turn and shove those FUD up your a*se!

hosty
You techie?

Originally posted by Marshall

You mean everytime you slam a company that as far as I know has done nothing to you.



If you are not familiar with the SSLv3 protocol, I suggest you do some homework or hire professionals who will shed some light on what appears to be confusing you.
[/B]

I have made it clear what Geotrust has tried to do on many occasions even when Chrisb asked in this thread, I thought you were reading this thread or simply coming reacting to everything I say to save your company.

So Mr Marshall answer the question:

Which browsers and what versions of these browser have an issue accepting chained certificates?

You make the statement on Geotrust website so you should know.

Enlighten us.

Or, let me guess: because the answer would simply deflate the geotrust marketing machine as there would be nothing to scare the customers from buying a comodo product, YOU WILL NOT ANSWER.

We await your answer........ (webhosts, Geotrust customers and me who have all asked Neal Geotrust CEO to answer the question in these forums many times)

hosty

Wow, you guys were having a little party and did not even think to invite me. How rude :-)

I have what I think is a legit question.

Are wildcard certificates not supposed to be good for *.mydomain.com? Period. If not that makes no sense to me.

Lets talk about wildcard certificates in a non webhosting environment.

I thought the purpose of a wildcard certificate was to secure communication to all servers running beneath the top domain for a company.

Suppose I had 20 web servers that ran in different departments in my new startup company "MyDomain":

mydomain.com
s1.mydomain.com
s2.mydomain.com
s3.mydomain.com
s4.mydomain.com

etc, etc.

Now if I bought a wildcard cert doesn't it make sense that I could install it on all of my physical servers as that is what wildcard (*.mydomain.com) means? Or am I just missing something here.

BTW, I am not trying to bash anyone, I am just curious as to the logic of calling it a wildcard certificate and then charging per webserver.

Thanks for the info.

Originally posted by Weberz
Wow, you guys were having a little party and did not even think to invite me. How rude :-)

I have what I think is a legit question.

Are wildcard certificates not supposed to be good for *.mydomain.com? Period. If not that makes no sense to me.

Lets talk about wildcard certificates in a non webhosting environment.

I thought the purpose of a wildcard certificate was to secure communication to all servers running beneath the top domain for a company.

Suppose I had 20 web servers that ran in different departments in my new startup company "MyDomain":

mydomain.com
s1.mydomain.com
s2.mydomain.com
s3.mydomain.com
s4.mydomain.com

etc, etc.

Now if I bought a wildcard cert doesn't it make sense that I could install it on all of my physical servers as that is what wildcard (*.mydomain.com) means? Or am I just missing something here.

BTW, I am not trying to bash anyone, I am just curious as to the logic of calling it a wildcard certificate and then charging per webserver.

Thanks for the info.

Tracy, you know how to ask some difficult questions! This is a very valid and interesting question. I feel that all current CAs have simply followed whoever came up with the idea of charging wildcards on per server license! I can't think of any logical reason apart from a CA wanted to give a company ability to use one digital certificate but did not want to loose the possible revenue that would have eliminated.

Now you got me wondering:confused:

any other ideas?

hosty

Well it has been a few days since we asked the question to the Geotrust crowd in this thread and as predicted they did not respond. We asked them which browsers had problem with chained certs?
well, I checked whichssl.com and found the following which explains everything:

" If your webserver is only capable of supporting versions 1 and 2 of the SSL protocol we strongly recommend you contact your webserver software vendor for an update - these protocols are flawed. For more details on why SSL version 2 is no longer used can be found here: http://www.eucybervote.org/Reports/MSI-WP2-D7V1-V1.0-02.htm"

"All web browsers developed after Internet Explorer 3 and Netscape 3 use SSL version 3 (however still support older SSL protocol versions). "

Geotrust is trying to scare people with a flawed and broken SSL v2 protocol when comparing with Comodo. If this is what Geotrust's business model relies on then god save their investors! :D

Again Geotrust building a business relying on flawed technologies;)

This is why Geotrust has been quite, explaining this fact would simply deflate their marketing machine!

hosty

Three things:

1. Even IE 3.0, which is listed as v3, does not support SSL cert chaining in many, many builds... You don't get a pop up screen, you get a complete connection failure. These type of issues is why our chainedSSL certs (chained to the same Baltimore Root as your instantSSL product) are priced so low at freessl.com.

2. If anyone wants an instantSSL chained cert that Comodo sells - they could get it at almost half the price at FreeSSL.com so I do not understand why you do not just admit to this fact and stop playing games.

3. I think this conversation is finished. Bye, Bye...

Regards,

Neal

Originally posted by GeoTrustCEO
Three things:

1. Even IE 3.0, which is listed as v3, does not support SSL cert chaining in many, many builds... You don't get a pop up screen, you get a complete connection failure. These type of issues is why our chainedSSL certs (chained to the same Baltimore Root as your instantSSL product) are priced so low at freessl.com.

2. If anyone wants an instantSSL chained cert that Comodo sells - they could get it at almost half the price at FreeSSL.com so I do not understand why you do not just admit to this fact and stop playing games.

3. I think this conversation is finished. Bye, Bye...

Regards,

Neal

We hear that "bye bye" from you could be more permanent than just this thread (like a bye bye from Geotrust)? Is it true?

Anyway, do us all a great favour and tell us all which IE3, IE4, IE5, IE6 versions have problems.

Also, lucky I did not go reselling for you guys, what sort of ethics is that you expected us to resell your product at $120 paying you $50-$60 for a cert while Rackshack is allowed to sell it for $29?

Are you at last listening to my advice and giving Quickssl for free just like Freessl cos they are very comparable products?

Thanks

Hosty

Originally posted by GeoTrustCEO
Three things:

1. Even IE 3.0, which is listed as v3, does not support SSL cert chaining in many, many builds... You don't get a pop up screen, you get a complete connection failure. These type of issues is why our chainedSSL certs (chained to the same Baltimore Root as your instantSSL product) are priced so low at freessl.com.



I usually just read these boards for hosting offers but this thread interested me. I didn't realize SSL was so competitive out there.

Geotrust CEO are you really arguing that your product is good because it works with IE 3? Aren't you about 5 years out of date? I think even my gran may have managed to upgrade IE 3 by now.

Or have I missed something completely?

Wavey

keep smoking it (must be some good weed).. guess the world looks better for you when you do...

Goodbye......... nice Newbie first post, I think you are insulting the good folks on here....

Silly question, with all these mentions of IE 3 !! Going around.

How many websites would lose sales due to customers still running a browser that came with Win95 Rev 1 who mysteriously have NEVER ONCE updated their browser in the past 7 years ?

I mean even my mother (at 65) has IE5 on her beast.

Originally posted by GeoTrustCEO
keep smoking it (must be some good weed).. guess the world looks better for you when you do...

Goodbye......... nice Newbie first post, I think you are insulting the good folks on here....

Sorry if I insulted anyone with my post.

BTW it's not my first post, far from it, I just got sick of the spam on my other addy. The new one stays private I'm afraid.

Originally posted by greatbeast
Silly question, with all these mentions of IE 3 !! Going around.

How many websites would lose sales due to customers still running a browser that came with Win95 Rev 1 who mysteriously have NEVER ONCE updated their browser in the past 7 years ?

I mean even my mother (at 65) has IE5 on her beast.

well, someone better tell Geotrust that:D

They base their argument about how good Geotrust cert is on IE3! Even though neither IE3, IE4 or even IE5.00 does NOT trust QuickSSL. I guess that is why rackshack have reduced their price from $49 to $29! I did predict in this forum that quickssl will be given (should be given) away for free just like freessl and adviced geotrust ceo to do that. Obviously he is listening to my good advice and allowing rackshack to sell these certs at $29. But, oops, that really messes up the other resellers who paid $50-$60 for each cert and are expected to sell it at $120??? Naughty, Naughty! Come on Neal give Quickssl for free!

Anyone else think Geotrust Certs should give QuickSSL for free :smash:just like FreeSSL, please reply to this post

:D

hosty

I don't know how I missed this gigantic ad from GeoTrust, but if they try this crap again, they will be banned and their URL blocked. Any questions? Sick of this garbage from you SSL people... for heaven's sake, you guys are worse than the spam&scam hosts here. Personally, I wouldn't put any faith in anything or anyone you people 'verify'.