Everyone is selling SSL certificates. Really? Not really.

It turns out that the majority of quality SSL certificates are actually dispensed from the same company in some shape or form — VeriSign. VeriSign currently owns at least Thawte, GeoTrust, and RapidSSL. In other words, they own every one of the "older-than-dirt" high-ubiquity certificate authorities except one, GlobalSign. Here's the lowdown:

VeriSign proper has the oldest root certificate, created in January 1996. It is the most ubiquitous, meaning more browsers accept certificates issued under it than under any other root. They're unfortunately also ridiculously expensive.

Thawte has the 2nd oldest root certificate, created in July 1996 (six months later). It is not meaningfully less ubiquitous, and you'd be hard-pressed to find a browser that does not accept it. Unfortunately, VeriSign has owned Thawte for a while now, the prices aren't convincingly lower, and they don't offer certain permutations of options on certificates at the behest of VeriSign.

Notably, Google uses Thawte for Gmail — not VeriSign. Therefore, it is apparent that VeriSign does not offer anything meaningful in the way of ubiquity. It stands to reason that after a certain point, supporting old browsers becomes meaningless. Remember Cello? Well, nobody uses that anymore — or Netscape 2.02! And if they do, they're desensitized to the resulting SSL-related error messages, because they're probably … ubiquitous.

Then there is GlobalSign. They are in 3rd place in ubiquity — and an up-and-comer. They were the first certificate authority in Europe, and their root certificate was created in September 1998. They were never acquired by VeriSign.

In order of ubiquity:
1. VeriSign (proper — not the other brands it owns; 1996)
2. Thawte (owned by VeriSign; 1996)
3. GlobalSign (not owned by VeriSign; 1998)
4. RapidSSL (owned by VeriSign; 1999)

What about SGC? Do I need it?
Some older and/or export-restricted (non-US) browsers do not support 128-bit strong encryption without the use of an "SGC certificate" (Server Gated Cryptography). Users of the following software will achieve 128-bit SSL encryption if they visit a Web site with an SGC-enabled SSL certificate; otherwise the encryption degrades to 40-bit:

* Internet Explorer export browser versions from 3.02 but before version 5.5
* Netscape export browser versions after 4.02 and up through 4.72
* Windows 2000 systems shipped prior to March 2001 that have not downloaded Microsoft’s High Encryption Pack or Service Pack 2 and that use Internet Explorer

These browsers are fairly uncommon, but the following certificate authorities can grant SGC-enabled certificates:

1. VeriSign (+$600-$800)
2. Thawte (+$450)
3. GlobalSign (FREE)

Suspiciously, Thawte does not offer SSL with SGC plus EV (Extended Validation), which is nothing short of a deliberate attempt to require customers to pay for the VeriSign brand if they want maximum security. I believe SGC may still be relevant if the web site in question has many foreign (non-US) visitors. According to someone I asked at Thawte, "SGC is still required as there are still many low encrypting browsers out there." They quickly offered me a certificate from "their partner," VeriSign.

Therefore, with regard to holistic security:
1. VeriSign and GlobalSign (tie; but VeriSign wants $2195 for what GlobalSign charges $899)
2. Thawte

Other Concerns — chaining — a bad thing?
RapidSSL claims that it is "single root," and that this is a good thing. While I'm not an expert on security in this realm, I don't see how chaining certificates is anything but a minor configuration annoyance (the intermediate certificate has to be installed on the server alongside the site certificate) and a short initial delay the first time a connection is made to the HTTPS server. It stands to reason that chaining is also a precautionary security measure: the root's private key can stay offline while an intermediate does the day-to-day signing. My conclusion is that RapidSSL is spinning it to be a good thing, but it's not necessarily so.

Note: Historically, many chained certificates were issued by various companies that didn't own their root. However, it appears that most major vendors chain, but own all the certificates up the chain. Notably, VeriSign only sells chained certificates, and their new Extended Validation (EV) certificates are chained twice. If for whatever reason the root certificate is compromised, the entire security infrastructure built by the SSL provider will fail. I'm not sure why RapidSSL thinks this is a good thing. It's probably not.
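As an added illustration (not from the original post), the following script builds a throwaway root -> intermediate -> leaf chain with the openssl CLI and shows that a verifier holding only the root accepts the leaf only when the intermediate is handed over with it, which is exactly the "configuration annoyance" of a chained certificate. The CA names and hostname are constructed, and the openssl binary is assumed to be installed.

```shell
# Added example, not the post's own code: a three-tier chain built with openssl.
# All names (Example Root CA, www.example.test) are constructed for this demo.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
# Minimal openssl config: CA certificates get CA:TRUE, the leaf gets CA:FALSE + serverAuth.
cat > "$WORK/mini.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical,CA:TRUE
[ leaf_ext ]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test
EOF
# gen <name> <subject> <ext-section> [issuer-name]: self-signed when no issuer is given,
# otherwise a CSR signed by the issuer's key. Output lands in $WORK/<name>.pem.
gen() {
  if [ -z "$4" ]; then
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -subj "$2" \
      -config "$WORK/mini.cnf" -extensions "$3" -keyout "$WORK/$1.key" -out "$WORK/$1.pem"
  else
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" -config "$WORK/mini.cnf" \
      -keyout "$WORK/$1.key" -out "$WORK/$1.csr"
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$4.pem" -CAkey "$WORK/$4.key" \
      -CAcreateserial -days 30 -extfile "$WORK/mini.cnf" -extensions "$3" -out "$WORK/$1.pem"
  fi
}
gen root  "/CN=Example Root CA"         ca_ext         >/dev/null 2>&1
gen inter "/CN=Example Intermediate CA" ca_ext   root  >/dev/null 2>&1
gen leaf  "/CN=www.example.test"        leaf_ext inter >/dev/null 2>&1
# The verifier trusts only the root (like a browser's store) and is given whatever the
# server sent. Returns 0 when the leaf chains up to the root, non-zero otherwise.
verify_leaf() { # verify_leaf ""  or  verify_leaf "$WORK/inter.pem"
  if [ -n "$1" ]; then
    openssl verify -CAfile "$WORK/root.pem" -untrusted "$1" "$WORK/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$WORK/root.pem" "$WORK/leaf.pem" >/dev/null 2>&1
  fi
}
if verify_leaf ""; then echo "leaf alone: OK (unexpected)"; else echo "leaf alone: rejected, issuer unknown"; fi
if verify_leaf "$WORK/inter.pem"; then echo "leaf + intermediate: OK"; else echo "leaf + intermediate: rejected"; fi
```

A server that omits the intermediate produces the first result for every client whose trust store holds only the root, which is the misconfiguration to check for after installing a chained certificate.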

Conclusion:
It's a tough call, but here are my conclusions —

If you want cheap and decent, go with RapidSSL. I don't buy the single-root-is-good claim, but they're based on a fairly old root (therefore ubiquity is high), and they're dirt cheap: $199.00 direct, and resellers seem to push it down to $150.00 as of August 2008.

If you want a good deal with maximum security and very good ubiquity, go with GlobalSign. Thawte is also a consideration, slightly more ubiquitous, but they don't offer certain meaningful permutations at the behest of VeriSign.

If you don't care about cost and you want the absolute best for 2-3x the price, go with VeriSign. However, keep in mind that VeriSign doesn't include SGC for free, EV costs extra, and unless you get the top-of-the-line certificate from VeriSign, you should consider the above options as well.

Other contenders include Comodo and GoDaddy, but neither seems to offer much that the above services do not. They're also based on newer roots (2003 and 2004 respectively). They do both offer EV at a very low price, which is worth a mention. Neither can offer SGC.
