Re: FN-FORUM: Good reliable fast Uk host!

date posted 28th January 2008 10:11

On Monday 28 January 2008 08:07:41 Punters Power wrote:

> I think in general people 9the average online shopper) do not know which
> SSL cert brands are which or even what they mean, =20

This is true...

> however they do look for=20
> 'familar' names so what they see o one site they use often they will be
> reassured to see on a site they do not use or not used before, stating the
> obvious I know.

Not so. (Also completely contradictory to your previous statement).
Mainly because people never actually see the name of the certificate issuer.

The industry likes to talk up their superior brand recognition as=20
justification for shelling out hundreds rather than tens for a certificate,
but it's cobblers. 99% of users simply don't care, or know:
=2D "More people recognise Visa as a trusted CA than Verisign"
=2D "Verisign is the world=E2=80=99s largest CA"
=2D "Visa isn=E2=80=99t a CA at all"
(from http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf - read it
if you have any interest at all in this subject).

Other gems from that talk:
=2D "When presented with a certificate warning dialog, 68%
immediately clicked =E2=80=98OK=E2=80=99 without reading the dialog"
=2D "No-one was deterred by a large red cross and warning text indicating=20
that the certificate was invalid"

And relevant to this discussion:


=2D Use a $495 Verisign certificate
=E2=80=93 People will come to your site
=2D Use a $9.95 budget CA certificate
=E2=80=93 People will come to your site
=2D Use a $0 self-signed certificate
=E2=80=93 People will come to your site
=2D Use an expired or invalid certificate
=E2=80=93 People will come to your site
=2D Use no certificate at all, just a disclaimer saying that you=E2=80=99re
secure
=E2=80=93 People will come to your site