Time for Product Management to chime in to the discussion:
Thanx for the ongoing feedback.
First I will respond to Fabian's concern and then I hope to initiate an
interesting discussion here on the discuss list (two separate posts).

Cross-certification of Entrust with Thawte:
In order for a Web Certificate to work without generating an error message
it must be recognized by the browser. In order to be recognized the Web
Certificate must have been issued by a CA that has root authority in the
browser. This can be accomplished in two ways: 1) through an arrangement
with the maker of the browser or 2) through an arrangement with a party that
already has root authority in the browser.
The list of CAs that have this authority is a static list in the browser.
Therefore, for future revisions of the browser it is only possible for a new
CA to get certification from the maker of the browser. In order to obtain
certifications in existing versions of browsers, the only option is for the
CA to get cross-certified by a CA that already has root certification in the
browser.
Entrust is a root authority in the latest browsers but had to be
cross-certified for recognition in older browsers. A cross-certification
agreement is a one-time fee to the party with root authentication. There is
no connection between the technology and businesses of either Entrust or
Thawte. They each have their own Certification Practice Statements, Secure
Facilities, and business plans. Entrust will continue to have root authority
in all the new browsers such that, as older versions of browsers start to
disappear in the marketplace, it will no longer be necessary to have any
cross-certification relationship with Thawte. We do not share customer lists
(more on this in the following post).

The Point
The important metric is browser recognition. Nobody wants their customers,
when trying to go to a secure portion of the site, to get a pop-up message
that states that "the Certificate Authority is not recognized; the identity
of the secure server cannot be guaranteed" (something like that anyway).
Whether a cert is authenticated by a primary authority or by a second or
third level makes no functional difference; the important item is that it is
recognized by the browser. And, in any event as time goes on, Entrust will
be a primary authority in all future versions of the browsers.
Now on to Equifax... To be continued
Darryl Green
Product Manager
[EMAIL PROTECTED]
Tucows Inc.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Toxik - Fabian
> Rodriguez
> Sent: Friday, February 09, 2001 10:41 AM
> To: William X. Walsh
> Cc: [EMAIL PROTECTED]
> Subject: RE: Quesiton about certificates
>
>
> William,
>
> You didn't understand the relationship of Tucows with Entrust...
>
> > 1) The $25 ISP discount applies only to the first year
> News for me.. but $25 is not what makes the biggest difference. Once the
> customer has obtained a certificate at one place, unless bad
> service/support
> are included, chances are they will renew it at the same place (unless you
> sell only certificates).
>
> > 2) Thawte is owned by Verisign, which also owns NSI, and do you trust
> > them to keep that pricing at this level when they are competing with
> > themselves at $399/yr? Do you want them to have your customers in
> > their customer database, thus giving them implicit permission to
> > market to them?
> This applies to Tucows too, since they get their certificates at Entrust,
> which in turn is a Thawte CA authority. I can't say if they all
> share customer
> lists, though.
>
> > 3) Certs are not levels in the sense you mean. The Entrust CA
> > certificate, like the Equifax CA certificate, has been signed by
> > Thawte, which enables those CA's to work with older browsers without
> > error messages being sent to the users.
>
> To the customers this is not the case. They know Thawte better
> than the two
> others and their perception is that they obtain certificates of
> "3rd level".
>
> > However, Tucows isn't competitive at $99 anyway, I'd recommend the
> > business partner program at Equifax as it stands right now.
>
> For Canadian customers this might be OK, even in US. But when
> explaining this
> to overseas customers, they tend to trust Thawte more. Why would
> they get a
> certificate with a reseller that's been in business for 1yr. when
> Thawte is
> the primary CA and has been around much longer ?
>
> I don't question Tucows technical excellence (on the contrary! we
> are an RSP
> and have excellent service), but business wise I have a hard time
> to justify
> jumping board from Thawte to OpenSRS certs, for $1 rebate.
>
> Cheers,
>
> Fabian Rodriguez - Associate Dir., Outsourcing and Business development
> Toxik Technologies Inc. - www.Toxik.com - (514)528-6945 x1
>
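
Added example, not part of the original messages: a small model of the chain building described in the thread, showing how the same server certificate is recognized through a cross-certificate in an older browser and directly in a newer one. Names, key ids and the `build_chain` helper are constructed for illustration, and signatures are modelled by matching key ids only, with no cryptographic verification.

```python
from collections import namedtuple

# Constructed sample data; key ids stand in for real public keys and signatures.
Cert = namedtuple("Cert", "subject subject_key issuer signer_key")

THAWTE_ROOT = Cert("Thawte", "k-thawte", "Thawte", "k-thawte")
ENTRUST_ROOT = Cert("Entrust", "k-entrust", "Entrust", "k-entrust")
# Cross-certificate: the same Entrust key, but certified by Thawte.
ENTRUST_CROSS = Cert("Entrust", "k-entrust", "Thawte", "k-thawte")
SERVER = Cert("www.example.test", "k-server", "Entrust", "k-entrust")

# Static root lists shipped with the browser (assumed contents).
OLD_BROWSER = [THAWTE_ROOT]
NEW_BROWSER = [THAWTE_ROOT, ENTRUST_ROOT]


def signed_by(cert, ca):
    """True if `ca` names the issuer of `cert` and holds the signing key."""
    return (ca.subject, ca.subject_key) == (cert.issuer, cert.signer_key)


def build_chain(cert, sent_by_server, trust_store, seen=()):
    """Return the shortest chain from `cert` to a trusted root, or None."""
    for root in trust_store:
        if signed_by(cert, root):
            return [cert, root]
    best = None
    for ca in sent_by_server:
        if not signed_by(cert, ca) or ca in seen or ca == cert:
            continue  # not the issuer, or already visited (avoids loops)
        rest = build_chain(ca, sent_by_server, trust_store, seen + (cert,))
        if rest and (best is None or len(rest) + 1 < len(best)):
            best = [cert] + rest
    return best


def describe(chain):
    if chain is None:
        return "certificate authority not recognized"
    return " -> ".join(f"{c.subject} (issued by {c.issuer})" for c in chain)


if __name__ == "__main__":
    for name, store in (("old browser", OLD_BROWSER), ("new browser", NEW_BROWSER)):
        print(name + ":", describe(build_chain(SERVER, [ENTRUST_CROSS], store)))
    # A server that omits the cross-certificate fails in the old browser.
    print("old browser, no cross-cert:", describe(build_chain(SERVER, [], OLD_BROWSER)))
```

The old browser accepts a three-certificate chain ending at the Thawte root, while the new browser stops at the Entrust root and never needs the cross-certificate.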