Forums Help & support Signed certificate for the downloaded file but no SSL for the website? Reply To: Signed certificate for the downloaded file but no SSL for the website?

#3798 Reply


Hello John,

While I won’t argue that the standard is moving towards SSL-everywhere, please understad that SSL (HTTPS) serves two purposes, but not always at the same time and this is not always apparent to a user.

The first purpose, which is always fulfilled is confidentiality. However, not all things are confidential. We don’t believe that our public web site,, has anything confidential.

The other purpose, is authentication of the URL and organization behind it. I.e. that if you type ‘’ you’re really talking to our servers and we represent a real legal entity, and not someone elses. This purpose used to depend on a list of trusted providers of root certificates, such as VeriSign, issuing them after a manual verification process. These cost money. Real money. And we’re still a rather small organization.

Recently, free certificates have been massively available via the Let’s Encrypt inititative. The problem is that these certificates really only fulfill the first purpose – encryption of the link. And, as mentioned, there’s nothing secret going on there.

If you’ll note, the account web site, – where you sign in, *is* encrypted with a ‘real’ SSL certificate, where our corporate identity has been validated by the issuer. We’ve also ensured that we’re only using up-to-date algorithmns and key lenghts on that server.

So, yes, we’ll arrange for SSL for as well, but since the *real* benefits are minimial to negligable and there’s a real cost associated with it it’s not been our top priority.

Thanks for the feedback!