Question for the hard-core commerce and security geeks: Always-on SSL, or AOSSL.
Last spring The Online Trust Alliance
, or OTA, started a PR campaign to convince folks who manage web sites to use SSL to secure the entirety of their web sites — not just forms and checkout pages. OTA points out that some large social sites (Twitter, Facebook, Google) — folks for whom the customer is the product — have implemented AOSSL, or are in the process of doing so.
Who I *don't* see coming on-board are large and highly trafficked e-commerce sites. By my survey, none of the top 100 eCommerce vendors (using Internet Retailer's list) have implemented AOSSL, and I'm wondering if there's a reason why... (more inside). [more inside]
I'm putting together a publicly-available web service/application and have some security questions. [more inside]
Does SSL protect information even if the wi-fi connection is unsecured? [more inside]
Am I being overly zealous about "proper SSL implementation?" [more inside]
Calling webbish folks: I'd like to make sure this form
is as unsecured as it appears before I complain. More inside! [more inside]
What's the cheapest way to get an SSL certificate (for serving HTTPS connections)? Obviously I'd want the company selling these certs to be listed in most browsers as a trusted authority.
An acquaintance who travels overseas frequently would like to scan and store her important identification (passport and driver's license) along with her credit cards, and store the images securely online. We would like to make the documents easily accessible to her through a Web page, but otherwise secure. I have offered her some space on my shared server, and while I have some ideas about how to secure things, suggestions would be useful.
I'd like a signed ssl certificate, as signing it myself leads to warnings from both Internet Explorer and Safari.
signs 128 bit at $895, which seems ridiculous to me.
Does anyone have positive experience with other trust vendors