Hacker News
by iancarroll 4152 days ago
> apply for inclusion with the vendors (Apple/MSFT/GOOG/Mozilla/Debian etc) it will take another couple of months

Mozilla takes ~1.5 years to include a CA.

> I wonder what the total initial and running costs of starting up a CA (including WebTrust & yearly re-audit) are today...

Without including man-hours, I've estimated it to be $550k for creating and maintaining a CA for three years. The audits make up a large majority of this. Big firms like E&Y charge a lot, which is what my estimate is based off of. You also need HSMs + places to store the HSMs, a CP(S), etc. If you've ever read the WebTrust guidelines, you'll know you need a lot of accountability and security.

You could probably reduce the figure with a small auditing firm. My estimates of course are estimates. Certly got quoted $120k/yr (not including a readiness audit) for a WebTrust audit by E&Y.