Results 1 to 5 of 5
  1. #1
    Join Date
    Aug 2002
    Location
    London, UK
    Posts
    9,037

    SSL..chained vs goetrust

    Advantages and disadvantages of a $25 chained (freessl.com)
    or the $49 rackshack geotrust ones

    is it worth spending the extra, or is the $49 poor aswell ?

    I dont have any SSL requirements right now, but would like to offer it ..
    Matt Wallis
    United Communications Limited
    High Performance Shared & Reseller | Managed VPS Cloud | Managed Dedicated
    UK www.unitedhosting.co.uk | US www.unitedhosting.com | Since 1998.

  2. #2
    Join Date
    Jun 2002
    Posts
    186

    Re: SSL..chained vs goetrust

    Originally posted by UH-Matt
    Advantages and disadvantages of a $25 chained (freessl.com)
    or the $49 rackshack geotrust ones

    is it worth spending the extra, or is the $49 poor aswell ?

    I dont have any SSL requirements right now, but would like to offer it ..
    Chained Certs will not work with now defunct SSL v2. but then again you would be hard pressed to find any browser to use SSLv2 only or the webservers. The SSL v2 is flawed and should not be used IE3 and Netscape 3 onwards started using SSL v3 and now the market moved further to TLS v1 (even newer than SSL v3). so the talk about chained SSLs not working with ssl v2, in my opinion, is red herring and marketing blurb to make you buy their more expensive product (well you asking the question here means that they have almost achieved their objective ). Even verisign use chained certs, and If i remember correctly until June this year geotrust was using chained certs from thawte. So the only difference is then browser coverage: The chained cert you are referring to is from GTE (Baltimore) root with over 99% coverage compared to the geotrust one with around 90% coverage.
    So in my opinion (i am biased) chained ssl that geotrust offer is a much better product technically than their own product Quickssl which is much less trusted (around 60Million internet user do not trust quickssl certs but only around 4 million do not trust chainedssl). however, i notice that they don't support it apart from FAQ on their site. Also as far as I can see, you can't buy 2-3 year certs with it either.

    check this out.
    Taken from their website.....

    "What type of customer service do you offer?
    Because of our increadibly low pricing, we only offer web based customer service. Additionally, we do not offer refunds or reissues."

    You say you would like to offer it: I doubt if geotrust is putting the chainedssl through their reseller channels.

    *****************************************
    I have just tried https://www.geotrust.com guess what I saw? Their Chained cert from thawte! This either says: Geotrust is a test website and not commercial or nothing wrong with chained ssl certs
    ****************************************************
    hope the above helps.

    hosty
    Last edited by hosty; 10-14-2002 at 06:59 PM.

  3. #3
    Heya,

    Hosty, any of the Thawte chained Geotrust certs will basically be inavlid as the intermediate geotrust cert which Thawte signed expires next year some time (2003/06/10) so even the earlier browsers will have a tough time supporting these and geotrust will have to make moves to get it sorted...

    Are they still signing certs with that chained root? I also took a look at their website and noticed that it was a Thawte chained one, but surely they can't be signing customer certs with it anymore?

  4. #4
    Join Date
    Jun 2002
    Posts
    186
    Originally posted by jabba
    Heya,

    Hosty, any of the Thawte chained Geotrust certs will basically be inavlid as the intermediate geotrust cert which Thawte signed expires next year some time (2003/06/10) so even the earlier browsers will have a tough time supporting these and geotrust will have to make moves to get it sorted...

    Are they still signing certs with that chained root? I also took a look at their website and noticed that it was a Thawte chained one, but surely they can't be signing customer certs with it anymore?
    Because thawte would not renew the license with geotrust, you are right that geotrust can no longer sign using the chained cert. this means they have to use their equifax one (the 90% compatibility) to sign.

    The point I was trying to make was: UH-Matt was asking the question about which is better "chained ssl that geotrust sell (from GTE (Baltimore root) with over 99% browser coverage) or their own equifax root (with only 90% coverage). If you look at the marketing spiel on geotrust/freessl website they effectively poo poo using chaining and try to promote their equifax product which does not use chaining. the issue is: Geotrust started their company and made a name using chained certs from thawte, their website has the chained cert, verisign uses chaining in their more expensive product range, chaining is an accepted and widely used aspect of PKI and geotrust trying to (naively) put down what PKI stand for in an attempt to try to sell their product. The reason why they do this (as you can see what fressl is for is to fight one of their competitors) is to fight other companies using chaining and offering cheaper and better products (in my opinion). This irresponsible marketing by geotrust causes confusion and is ethically wrong. You see, as a result of geotrust trying to confuse people with outdated technologies which were superseeded since 1996, we have people having misunderstanding of what PKI is. This coming from a company supposed to be selling Trust, is so very WRONG!

    hosty

  5. #5
    Hi hosty,

    I guess it comes down to FUD...

    I am very surprised that they would do this, but I guess the SSL market is quite a hectic one, but breaking into the market with such 'backhand?' methods doesn't seem right...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •