WingNews logo WingNews GitHub [2]
top | item 10941259

Ask HN: What will be the strategy of CAs after Let's Encrypt

5 points| thomasdd | 10 years ago | reply

Now when SSL certificates could be free for everyone, I am thinking about, "What will the current Comercial SSL/CAs like Synamtec, GeoTrust, Thawte, Comodo...". What you think will be the strategy to sell SSL for money. I think I would still consider some other CA that Let's Encrypt for example to serve HTTPS for mobile applicaion API. But what do You think about the next steps of Synamtec, GeoTrust, Thawte, Comodo... ???

5 comments

order
[+] Someone1234|10 years ago|reply
Aside from EV, they might also continue to sell DV certs if the price is low enough (sub-$10). Let's Encrypt is cheap, but it is massively inconvenient, and a lot of people would prefer to "waste" a few dollars on a streamlined process than spend hours trying to get Let's Encrypt working with their platform/infrastructure/etc.

I just spend $9 renewing with Comodo's "PositiveSSL" because Let's Encrypt was too much hassle.

[+] insoluble|10 years ago|reply
> "waste" a few dollars on a streamlined process than spend hours trying to get Let's Encrypt working

This is true. It probably took me somewhere around 20 hours to get everything streamlined with Let's Encrypt (I started before public beta, so the available software was buggy, convoluted, and not well documented). Just like with open-source operating systems, the advantage is not in the initial setup but in how many units can then be deployed for minimal unit cost. If you have only a couple of domains to be encrypted, LE is not worth it currently.

Perhaps the commercial providers should focus on the small-scale users, which is exactly what they probably would rather not do.

[+] thomasdd|10 years ago|reply
But with the right implemenation and audomation as we did in in my webhosting company, it is evem more convenient for user. (unless LetsEncrypt is working). Certificates are reneved automaticaly without any user action. So I think EV is the key point here for other CAs. Also I think that in the next 2 years, every webhosting account will be created with HTTPS:// as default, without even asking the client as HTTPS with LE becomes a standard service out-of-the-box.
[+] detaro|10 years ago|reply
Pushing EV certs, offering services around it (monitoring, issuance controls, deployment, APIs).
[+] sjs382|10 years ago|reply
Extended validation, and the other products they already offer.