SSL Certificates Are Too Expensive

CNet reports that researchers from Carnegie Mellon University found that users ignore “Invalid certificate” warnings:

http://news.cnet.com/8301-1009_3-10297264-83.html?part=rss&subj=news&tag=2547-1_3-0-5

The conclusion? Essentially, use an external rating system that ignores certificate validity and instead looks up benign and dangerous web sites in a database.

I think the real problem is that certificates are simply too expensive. Drop the prices, make a valid certificate mandatory for HTTPS by default, and provide a way to obtain valid certificates for free for intranet use, and the problem will go away on its own.
