Sorry if that sounds like a commercial, it's just that I finally found someplace that's cheaper than a couple of hundred bucks.
There's several places that are cheaper than "couple of hundred bucks". Verisign is not the only one selling certificate for a long time. Some of those places will sell you wildcard certificates, and some will sell you certificates in bulks of 5 or 10 dirt cheap.
Anyhow, if you are home user, you should ask yourself do you really need certificate sign by CA whose root certificate is shipped with browsers. For most home users, self signed certificate (or generating your own root certificate and signing with it) will work quite well.
"Official" root CA signed certificates, the way they are currently being issued, the way identity of buyer is checked, and the way they are currently being used, are usefull only for not annoying users with pop-up warning windows. It is not that complicated to buy forged certificate (ask Verisign and Microsoft, they still haven't figured out who was the guy Verisign sold certificate in MS name some time ago). If that can happen to big name such as Microsoft, somebody buying certificate in some home user's name would probably go quite unnoticed. This is nothing suprising. CAs are commercial entities, so they are after generating large volumes of profit. Strict identity checking would severely slow down the process, customers would go to somebody else who is "faster" (because that somebody has more loose identity checks), so everybody is gradually lowering the bar (and no, credit card is not sufficient identity check -- it only links couple of numbers that are printed on the card to person who will be charged by the bank, it doesn't say a thing about identity of person who typed those numbers into some kind of web form, or about authority of that person to use the card).
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
