Mailing List CGatePro@mail.stalker.com Message #101103
From: Bret Miller <bret.miller@gci.org>
Subject: Re: Extended Validation certificates
Date: Wed, 10 Nov 2010 08:37:22 -0800
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
On 11/10/2010 6:43 AM, James Roman wrote:
On 01/-10/-28163 02:59 PM, Philip J. Koenig wrote:
James Roman<james_roman@ssaihq.com>  wrote:

I was asked today if there was any benefit to purchasing an extended
validation certificate for our mail server. I couldn't think of any good
reason to ever install an EV certificate on a corporate mail server. In my
mind, the visual confirmation aspect of SSL certificates is not really
necessary (or possible except via webmail) when communicating with mail
servers. Can anyone else think of a reason to spend the extra money.

The main point of a certificate signed by a well-known CA is that it
verifies that the host is really what it claims to be.

... snip ...

So there is not really any "technical" difference in the higher-
validation certs, the difference is that the CA has met a very high
standard of practice, how far the CA goes to verify the cert
requester is who they claim to be, and then some other unrelated
items like how much liability insurance coverage they provide to the
cert customer, customer-service, etc.

If the only reason for the EV certificate is MUA protocols (pop/imap/smtp), then I can't see any benefit. If you're using the certificate for non-pronto webmail, then there could be a perceived end-user benefit that they see the nice green bar in their browser before they sign in. I honestly doubt most users are aware enough to understand the difference that the additional confidence it provides. But some will be and it will benefit them. That said, we don't want to pay the extra, so we don't.

Bret
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster