by colde 2212 days ago
But why even require payment for these certificates, since Microsoft, according to the article, doesn't actually place any value on the certificate itself? You still have to build up reputation separately. In that case, it seems entirely unnecessary to require a paid certificate.
1 comments

Because it costs money to do the identity verification? It's not like a DV certificate where the volume is very high, and the verification isn't hard to automate.

I paid $400/yr for my employer's first Authenticode certificate back when they were a new thing and you could only get them from Verisign. Now there's a handful of providers and competition has brought the price down, but the volume is lower than DV certs, and verification is harder, so the prices won't go down to zero.

Why do identity verification at all, you could ask? A reasonable question; if all I need to start earning reputation is a private key, the costs could go to zero. But letting the scammers make as many identities as they like at no cost changes the prior on a previously unseen identity. It seems MS isn't granting a very strong prior anyway though, so... my argument certainly is weak here.