help explain gap in waterfall

[pmeenan]

(09-28-2014 02:43 AM)newellstarks Wrote:  This is an old post - I am, nonetheless, interested in why you are opposed to seals generally.

I ask because SSL is required generally in eCommerce and Google encourages secured sites - so should we simply use the https part of Verisign (or whoever) and skip the part where the end user can click on the Seal?

In the case of "credibility" would end users believe use if they could not verify that we are "real" and using "fake" seals that could not be clicked on?

We have run into similar issues with speed delays on our site with Seals.

I am strongly in favor of SSL and secure communications. That is completely independent of the verisign seal (or any other) in the content.

The browser will already take care of security indicators in the address bar and that is the only secure place for them to be displayed. Seals within the content are pure marketing (and usually marketing for the cert provider, not you), do not add any actual security value and are completely spoofable.

I'm saying you should use the certificates from Verisign/whoever and not have any seal within the page itself. If users want to verify the validity of the connection they should be looking at the address bar. In the case of actual invalid certificates they will get massive warning pages and it's actually really hard to get through to the fake content.