https://stackoverflow.com/questions/21617253
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianThese certificates differ on various aspects:
- life time: the cheapest certificates usually have a short life time, e.g. expire after a year or so and need to be recreated. This is not primary a nuisance to make you buy better certificates, but the cheap guys usually don't care as much about security and thus these certificates have a higher chance to be compromised (e.g. private key stolen) and there should have a short life time to limit the damage the attacker could do. And in case the owner of the certificates notices and cares about the compromise the certificate needs to be revoked and added to a CRL (certificate revocation list) which can thus get really big - just look at the huge CRLs of GoDaddy.
- wildcard and multiple names (subject alternative names): cheap certificates are restricted to a single host, wildcard or alternative names cost more. Usually companies rather by a certificate with multiple names or wildcards to avoid the hassle of maintaining multiple certificates, often it is also necessary if you offer the same site with multiple names (e.g. even example.com and www.example.com are different).
- how much verification is really done: the idea is, that some CAs do a better verification of the owner of the certificate. This makes the certificate more expensive (somebody has to pay for the verification) but it also makes it more trustworthy. Of course this make only sense if the CA really checks the owner. The best known example for this are the "extended validation certificates" which show up in the browser as more trusted.
Apart from that, your browser trusts about 100 different CAs from a variety of countries. In the current PKI (public key infrastructure) there is no way to restrict the impact of each of the CAs, e.g. a chinese CA can issue certificates for google.com or an american CA can issue certificates for google.cn. There is also no foolproof collision management, e.g. a certificate for the same domain could be issued by multiple CAs at the same time and the browsers would accept it.
Moreover, each of these trusted root-CAs can issue any number of intermediate CAs which in itself could issue other intermediate CAs etc. Each of these intermediate CAs has all the capabilities to issue any certificate they want, e.g. recently a sub-sub-sub-sub CA of the french CA FGC/A issued "accidentely" certificates for google.com and others, see http://arstechnica.com/security/2013/12/french-agency-caught-minting-ssl-certificates-impersonating-google/. And, there is no public list of all the certificates a CA issued, so you can be sure that some of them sell intermediate CAs to law enforcement and for other purposes (see also http://blog.spiderlabs.com/2012/02/clarifying-the-trustwave-ca-policy-update.html).
And, of course, CAs get also hacked, like DigiNotar and Comodo in 2011, where certificates for gmail, microsoft live etc where issued and actively used in attacks. And while DigiNotar got closed Comodo was probably too big to fail.
In summary: with the current PKI system the certificates you can trust the certificates like you would trust a combination of all the major goverments and companies - whatever this trust is :(
