We announced it in November, but now it's official: Symantec is the first of the large CAs to provide DV certs for free. There will be at least one other major CA that will announce the same thing.
It's a response to market pressure and makes sense economically: DV certs don't require background checks, so they cost next to nothing to produce. Originally StartSSL announced free DV certs for non-commercial purposes, then Heroku and Cloudflare announced free commercial use, and finally - but most significantly - Let's Encrypt has had a significant impact on the market in its first six months.
Symantec's effort, dubbed 'Encryption Everywhere', is being offered via traditional '90s-style web hosting control panels: both the certs and Symantec's various upsells are integrated into the hosts' control panels. Hosts make an agreement with Symantec to push the upsells and get free DV certs in return.
Symantec will be charging for:
- ECC. Free certs are RSA only. ECC has better strength/performance than RSA, which makes it particularly suited to mobile devices.
- EV certs - for companies that need to prove their identity. Note: we sell EV certs, but we do it a lot differently from Symantec.
- Wildcards - the Baseline Requirements require a little extra work for CAs when issuing wildcards (see Section 220.127.116.11), but this is still automatable. We suspect the wildcard charge is simply because Let's Encrypt don't do wildcards.
- 'Site seals', despite their dubious merits.
The innovation that isn't happening
There's so much Symantec could do here but isn't:
But the word we get is that Encryption Everywhere was thrown together pretty quickly - Symantec didn't expect Let's Encrypt to have the impact it has had. It's a reshuffle of existing tech and offerings, and doesn't significantly differ from the Symantec we know and love.