The bottom line is that the more complicated certificates are, the more money is being made by companies like Verisign.
In the real world it used to be that we started out with some simple and then complicated it...on the net, we've evolved...we start out complicated and by the time people realized we skipped the simple stage, its simply too late! :) Although I agree with it for all the reasons stated by Walsh and co., QuickSSL will never work because eventually everyone will be offering certs for nothing...at that point, why not just have the browser automatically trust an un-trusted cert and get rid of the CAs altogether... -bryanw HalfPriceNames Domain Registry http://www.halfpricenames.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David Harris Sent: Wednesday, December 05, 2001 9:33 AM To: [EMAIL PROTECTED] Subject: RE: GeoTrust/QuickSSL and the meaning of Certs I agree 100% with William Walsh and Robert Mathews on this one. Bring on the QuickSSL certificates! :-) And I thought I'd add my $0.02.... Darryl Green [[EMAIL PROTECTED]] wrote: > If I order a set of Pirelli > tires from HayBobs.com (no slight intended if haybob really exists), I > forward payment and then never receive my tires. Hay Bob doesn't really > exist, none of the contact info in the whois is legit. I have no recourse. > If I gave them payment over a secure connection... I know who he is and can > seek recourse. Who actually prints out the server certificate contact information when making an online purchase? Nobody. Instead, you can/should verify identity and seek recourse through the payment method that you used. If you used your VISA card and Hay Bob had a merchant account, just call your bank to get contact info on Hay Bob. And they will provide the dispute resolution services though a charge back to boot! If you used PayPal, make sure that you ordered through a provider who has a "verified identity". This means that the contact information you see is the same as the contact info on their bank account. That helps you track stuff down and is as good as a verification that you will get out of any CA. Be careful when using a payment method that does not offer you this protection. When I order online I never say to myself, "thank god that the CA properly verified the business name of this entity," rather, I say to myself, "thank god that if I don't receive this product I can simply perform a chargeback and it's up to the provider to prove they shipped it." David
