Why free things are so attractive in universities

December 31, 2009

I've seen a number of people saying that universities who took advantage of ipsCA's offer of free SSL certificates for educational institutions are now getting their money's worth, and that it clearly would have been better to pay a real SSL CA vendor for real certificates. Would that it were so simple.

The real attraction of the free ipsCA certificates here (and likely at other universities) was not that they saved you $40 US or so. Their real attraction was that you could get them without bureaucracy.

Spending actual money on SSL certificates would have raised a horde of questions that had to be answered. Who was the best and cheapest vendor? Did we really need a proper SSL certificate for this purpose, or could we either live without SSL or use a self-signed certificate (or even create a local CA)? What budget category and area paid for this certificate, and who had to authorize it? If this service costs $40, is it actually worth it (and can you convince the authorizer of that)?

Getting an ipsCA certificate took one sysadmin ten minutes. It was no contest. And of course we wound up getting more certificates because we didn't have to cost-justify them. A proper certificate for our inbound MX so that even cautious people could do TLS-encrypted ESMTP? Sure, why not, it's free.

This applies to far more than SSL certificates. It is the universal attraction of free stuff at universities, because spending money (even quite trivial amounts of money) can take huge amounts of effort, annoyance, and time. Naturally, things that let you avoid all of this are very attractive.

(In theory the staff time and effort required to spend money acts to drastically raise the real cost of small purchases. In practice, universities generally consider staff time to be free.)

There is an immediate corollary to this for people who want to offer free stuff to universities. The important thing is not that it is free, it is that it requires no bureaucracy; free is a necessary but not sufficient condition for this. A free thing that requires the departmental chair to sign an official agreement that must be inspected by a university lawyer might as well cost a thousand dollars, for all the interest that you're likely to see from us.

Written on 31 December 2009.
« Look at your pull-based system for things that push
Brief bits from the evolving ipsCA failure »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Dec 31 20:50:20 2009
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.