There is absolutely no need for an EV cert for a _book downloading_ website. Maybe the entry level comodo cert isn't good enough in your opinion, but you certainly don't need anything more than a domain validated cert.
Also, pretty sure this is the only time I've ever mentioned anything security related on the list, so I won't, in fact, stop "spamming" the list, because I never was.
Alex
On Jan 1, 2012 2:39 PM, Marcello Perathoner <marcello@perathoner.de> wrote:
On 01/01/2012 07:22 PM, Alex Buie wrote:
> On Sun, Jan 1, 2012 at 12:57 PM, Marcello Perathoner
> <marcello@perathoner.de> wrote:
>> Certificates are expensive. You have to get them and renew them. Maybe we
>> could get a cheap one from a certification authority for academia.
>>
>
>
> I'm pretty sure we could get 18 people to pay $0.50 for a PositiveSSL
> cert ;-). http://www.namecheap.com/ssl-certificates/comodo/positivessl-certificate.aspx
The idea here is to protect people's reading choices from government
eavesdropping. That's a different class of security than to prevent your
internet cafe neighbour from seing what you download. In the latter case
a self-signed certificate would suffice.
What we need is a worldwide recognized CA that does real checks, ie.
paperwork, to determine the authenticity of the certificate request.
Also, we need an EV certificate, eg. one that turns the browser bar
green. EV certificates work for one subdomain only. So we'd need at
least 2 of them.
EV certificates at Verisign start at $998 / year.
I'd appreciate if you stopped spamming the list with comments that only
expose your personal naivete in real world security matters.
--
Marcello Perathoner
webmaster@gutenberg.org
_______________________________________________
gutvol-d mailing list
gutvol-d@lists.pglaf.org
http://lists.pglaf.org/mailman/listinfo/gutvol-d