SSL From a Developer’s Perspective

SSL (Secure Socket Layer) and its new version TLS (Transport Layer Security) are meant to provide secure communication between a client and a server.  I understand how easy it must have been to decide to verify identity with them as well – to show that a site is actually who they say they are.  However, from a developer’s perspective – why on earth do I need to pay so much yearly to prove that…  Well, I am not using it as a payment gateway – I just want to ensure that my user’s information is secure against man-in-the-middle attacks.  I want my users to know that when they submit anything to my site, it will be safe from prying eyes, and kept with me and me alone.  I want my users to have that security.  But now, because of how SSL has developed and how modern browsers treat the certificates – if I have a self-signed certificate my users are told before they see my page that it isn’t trusted.  This is told to my users because I have not paid these large corporations a sum of $200 plus annually to sign my certificate verifying that it is me.  I understand a fee for that service, but why is it worth so much, and why do browsers tell you when a certificate is not signed by these companies?  The security between the communication of the server and client is the same whether or not I paid to have my certificate signed.

As a developer, I do not care whether my identity is is verified.  I want that security for users, but I refuse to pay for it if I am not running a store.  So, that is my rant about the corporate world.  I don’t like people making a ton of money of developers that are trying to protect their users, and then telling those same users that because this developer wanted to secure that communication between them – they are not trusted.  Sorry, I just don’t like how the users get screwed in the situation; because honestly whether data can be intercepted by a third party really does not directly effect me.

No Comments Yet

There are no comments yet. You could be the first!

Leave a Comment

    Search the Blog