Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSL advantages worth the hassle?

Currently using a Godaddy SSL on http://www.spothero.com

On a friend's iphone it said "cannot verify server identity"

Two people I know cannot access it from their blackberrys and server identity problems keep popping up even on browsers on computers.

Are the advantages of SSL worth this hassle? What would be the downside of completely getting rid of the HTTPS connection?

like image 221
Mark Avatar asked Feb 26 '23 11:02

Mark


1 Answers

There's actually a well-understood (if not widely practiced) way to handle this question.

Recall that the mathematical definition of risk is

R = P × H

where R is the risk, P is the probability of the bad thing happening, and H is the hazard, ie, the cost of that bad thing if it happens.

Make an estimate of how much a bad disclosure could cost you, in currency. Figure out the probability that someone would try it (anything from a wild-ass guess to a careful analysis) and succeed, and you can compute R.

Is R less than the cost of solving your SSL problem? If so, it's not worth the effort.

Now, that said, the complaint you're getting means the certificate you're using for your SSL is not signed by a known trusted source, eg Verisign. If GoDaddy sold you the SLL and cert, then it's a tech support problem for them. Otherwise, you need to buy a verifiable cert.

like image 155
Charlie Martin Avatar answered Mar 07 '23 04:03

Charlie Martin