Never one to pass up a PR opportunity, John McAfee is preparing to overturn the security certificate industry ... or so he claims.
According to Silicon Angle, a new venture by McAfee, BlackCert, will sell SSL (actually TLS) certificates at a price point and backed by protections that McAfee claims to be unmatched elsewhere in the industry. The hard part is figuring out where McAfee's marketing ends and innovation begins.
McAfee's pitch for BlackCert involves a few key selling points: unlimited server licensing, liability protection for each certificate, and prices that are meant to undercut the competition. The last of these seems true: DigiCert has a one-year certificate, priced at $175, available for unlimited servers, while BlackCert's basic SSL (also for unlimited server use) is $69.
But beyond the pricing, the pitch is indistinguishable from what existing vendors already offer. DigiCert, for instance, has its own $1 million relying party warranty, which it has offered, along with the unlimited server license, since 2014.
BlackCert seems to be doing little about the larger problem with certificates apart from cost: the management issues they pose. Such issues aren't trivial; both Microsoft and Google have been whacked big time by certificates that expired under their noses.
If there's any disruption of the certificate industry, it's coming the Linux Foundation's Let's Encrypt project. Aside from offering free certificates backed by Mozilla, this initiative also promises a management infrastructure that makes the process of upgrading to new certificates "as simple as apt-get."
It's easy to be skeptical there, too. Let's Encrypt recently updated its launch schedule to November of this year, back from September, and its command-line tooling will also need to encompass a broad range of third-party products (such as Microsoft Exchange) to be truly useful. But the concept for Let's Encrypt alone is far more disruptive than anything proffered by BlackCert.