security

Martin Atkins mart at degeneration.co.uk
Tue Oct 24 17:34:31 UTC 2006


Chris Drake wrote:
>
> It's not *really* a pain either - paste your CSR and credit card into
> ipsca, and $38 + 1 minute later - you're trusted.
> 

You have a cert, but now you have to figure out how to use that cert 
with whatever service you're trying to run. The first time I set up SSL 
in Apache I lost an hour of my life trying to figure this out.

Additionally, it's not possible for many people to deploy SSL on their 
own sites because they are hosted on a third-party server with no access 
to the configuration to add an SSL cert and sharing an IP address with 
possibly hundreds of other sites.

So yes, SSL *is* a pain for various reasons. Pain I'd expect any 
reputable IdP to go through, but not something I'd want to inflict on 
all relying parties, and an unreasonable burden on early adopters who 
are just setting up a vanity identity URL for the fun of it.




