After a certain point, the trust factor loses its validity and the main point behind SSL becomes the encryption. Since you know longer care who you are talking to, the idea is that the communication between source and destination are encrypted. That does not require a CA. You can build that handshaking directly into the server and the browser...no fee required. You know those little dialogs in IE that pop-up saying this certificate is not from a trusted CA? Those just go away...now, the server issuer becomes the trusted CA. Apache certs and IIS certs and Netscape certs, etc.
The whole reason behind CAs is to have a "TRUSTED" organization like Verisign or Thawte put their name behind the fact that YOU are YOU. When you communicate with a server that uses a Versign or Thawte certificate, you know that business has at least been checked to make sure it is registered as a business and is not an untraceable fly-by-night company. It means that if you need to, you can find the company and sue them. I agree that the credit card company is the way to go for transaction disputes...they are even more "TRUSTED" than the CAs. But my point is that if you remove the trust factor...if a CA no longer does any verification at all...why the hell do we need 'em? The answer is...YOU DON'T. -bryanw HalfPriceNames Domain Registry http://www.halfpricenames.com/ -----Original Message----- From: David Harris [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 05, 2001 11:38 AM To: Bryan Waters; [EMAIL PROTECTED] Subject: RE: GeoTrust/QuickSSL and the meaning of Certs Bryan Waters [mailto:[EMAIL PROTECTED]] wrote: > Although I agree with it for all the reasons stated by Walsh and co., > QuickSSL will never work because eventually everyone will be offering certs > for nothing...at that point, why not just have the browser automatically > trust an un-trusted cert and get rid of the CAs altogether... No, a QuickSSL CA still provides a useful service that helps prevent man in the middle attacks. I agree, certs will drop in price, but this will not be the death of them. They will become like domain names with fully automated provisioning and good competition. Eventually, I would expect that they would become just another bundled service provided as part of your domain name registration. David
