While I would not challenge most of what you say, the simple truth is that you do not have the cheapest solution on the market for your resellers. End users, maybe. Resellers, no.
Just sign on as a Geotrust reseller and you are provided lower prices that what Tucows offers, with less hassle in securing the cert. That includes the full cert, not just the quick cert. Sorry but $99 as the wholesale price of a cert is not a good deal. Which is probably why you hide the price till the very bottom of the reseller agreement. ----- Original Message ----- From: "Darryl Green" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 19, 2001 10:47 AM Subject: FW: Digital Certificates > Point taken.... > > I am working on a "Real" answer.. This is one of the reasons I have been a > little quieter on the list these days. > > It became clear from our discussions a couple of weeks ago that, at best -- > the 'identity' component of the certificate is not as critical to you as the > incumbent market leading Certificate Authorities would have us believe and > at worst, the whole idea of web certificates is an inadequate solution to > the problem they are intended to solve (namely non-repudiation of commercial > transactions). > > I was particularly moved by the observation that it is really the merchant > that is taking the risk of repudiation -- this is true. For credit card > transactions the provider of the payment gateway/merchant account is trusted > third party enough for the purposes of non-repudiation -- leaving the value > of a web-certificate only in the encryption component. Personal identity > that would benefit the merchant is accomplished through personal > certificates and e-commerce merchants have thus-far chosen to accept the > risk of not requiring them and/or verifying identity in off-line methods > (only shipping to the same address as listed on the credit card, phoning the > listed phone number on the credit card etc.). > > However, without the identity component the end-user is not protected > against fraudulent collection of information from an imposter (I have posted > an article from today's Wall Street Journal below -- it shows a situation in > which a fraud would have been prevented if users demanded a properly > authenticated certificate -- ultimately that may have been what tipped the > users off in the first place -- spelling errors and healthy scepticism were > noted in the article). This is of greater concern for some applications > than others. The message I clearly received from our discussion is that you > do not feel you need full identity verification for all applications. Just > as long as the browser error message is avoided. > > As stated before, I am working on a "Real" answer to your concerns. In the > mean-time, for those applications that require full identification we now > have the cheapest solution on the market and you should find the > verification process running smoothly. If you don't you can let me know > immediately and we will get it sorted out. Given some of the troubles in the > last month we are on high alert right now to ensure that verification runs > as smoothly and smoother than it did previously. > > Regards > Darryl Green > [EMAIL PROTECTED] > Tucows Inc. > Phone:(416)538-5461 > Fax: (416)-531-5584 > 96 Mowat Avenue > Toronto Ontario > M6K 3M1 > > > > 'Spoofer' Tries Unsuccessfully to Snag > Credit-Card Numbers of PayPal Users > By STEPHANIE MILES and STACY FORSTER > THE WALL STREET JOURNAL ONLINE > > Ben Cichanowicz received an e-mail Monday evening purporting to be from > online payment service PayPal Inc. The note promised a $5 credit to his > account if he visited Paypal-Secure.com and updated his account information, > including his credit-card number. "All you have to do to claim your $5 gift > from is update your information on our secure Pay Pal site," the e-mail > claimed. > While the e-mail had a PayPal return address, the Web site didn't quite look > right. Mr. Cichanowicz, a systems administrator in Lexington, Ky., quickly > suspected fraud. He and his wife were tipped off by several spelling errors, > as well as by the fact that the site was missing security information, he > said. "This was the first thing that caught our attention," he said. > Indeed, PayPal-Secure.com was a "spoof" site -- a fraudulent Web page > designed to trick PayPal users into giving up their credit-card and personal > information. Mr. Cichanowicz, along with other recipients of the e-mail, > alerted PayPal about the existence of the site. PayPal then asked > DigitalSpace.net, the company hosting the site, to shut down the site, which > it did. DigitalSpace said it is company policy to shut down sites when > alerted of possible fraud. > The PayPal-Secure incident is a twist on an old con. For years, giant > America Online has warned users not to give out passwords or personal > information, and online investors know to carefully check their news sources > after fake articles buffeted stocks in several incidents. > This isn't the first time PayPal (www.paypal.com), of Palo Alto, Calif., has > been targeted by a spoof site. Last year, a site called PayPai.com was set > up with the intent of stealing user names and passwords from users who typed > the Web address by mistake. > With spoofers, companies "can't control that they're under attack," said > Avivah Litan, vice president of financial services for technology consulting > and research firm Gartner Inc. "There's nothing you can do about it except > educate consumers." > "There's all types of scams and fraud that people try to pull in the online > world -- just as they do in the offline world," said Vince Solitto, > spokesman for PayPal. PayPal was alerted by a "few" customers about the > site, Mr. Solitto said, declining to specify how many people contacted the > company or received the e-mail message. He speculated that the PayPal-Secure > entity probably sent out e-mail messages haphazardly to millions of people, > hoping to hit some PayPal users. He added that there had been no indication > that the PayPal network had been hacked or broken into. > > Image of "spoof" PayPal site > According to domain-name registration records at VeriSign Inc., the > PayPal-Secure.com address is registered to an entity called PayPalSecure. > The record lists a phony phone number and address for the company. PayPal > said it could subpoena the account information for the site from > DigitalSpace.net, but that information would most likely be faked as well. > "One of the problems with the Net is that it's easy to dummy something up to > look like a legitimate entity, and you might have to click through further > to ensure that it is the place that you think you are visiting," said Susan > Grant, director of the Internet Fraud Watch for the National Consumers > League. These types of scams make it harder for legitimate companies to gain > users' confidence, she added. > PayPal does warn its customers about fraud and says it is vigilant about > protecting its users. The company says its customers are safe because they > are reimbursed -- either by PayPal or by their credit-card company, > depending on the situation -- for any fraudulent charges to their account. > Online Service PayPal Sets Range for Its Proposed IPO (Dec. 14) > The PayPal-Secure scam played on PayPal's earlier viral marketing campaign, > which helped to fuel its exponential growth. The company, which launched in > October 1999, had 10.6 million accounts as of Sept. 30, 2001, and processes > an average of 171,000 payments per day totaling $8.5 million in daily > volume, according to the company. During its early days, PayPal would give > $10 to any user who signed up a friend, and gave the friend $10, too. > PayPal still provides some bonuses, but the requirements for receiving one > have become much stricter. Now, according to the PayPal Web site, customers > must verify their account with a credit card, deposit $250 and sign up for a > money-market account to receive the new account bonus. > The attack comes at an inopportune time for PayPal, which last week set the > range for its proposed initial public offering. The company is already under > scrutiny from investors nervous about its exposure to liability from > credit-card fraud, in part because PayPal promises to reimburse any customer > whose credit card or account is fraudulently used. PayPal is used primarily > by users of eBay Inc. and other auctions to process payments for online > transactions. > In the past, customers have complained to the Better Business Bureau and > Federal Trade Commission about PayPal's fraud protections. Over the last > year, however, the company has aggressively worked to combat credit-card > fraud at the site. "They have very good fraud protection," said Gartner's > Ms. Litan. PayPal's fraud rates are better than average, with about 0.87 % > of its sales lost to fraud, according to its SEC filing. > Neither PayPal nor Digital Space said they notified law enforcement > authorities after PayPal-Secure.com was taken offline. "We certainly > wouldn't bother the FBI about it," said Mr. Solitto, who called the "spoof" > category of fraud "not particularly novel or sophisticated." > PayPal said it hasn't received any reports from customers who were actually > tricked into entering their personal information. Mr. Cichanowicz, for his > part, said he didn't give up any account information, but is still disturbed > that he was targeted for fraud. "This is a terrible time for unsuspecting > people to be had by this, especially so close to the holidays," he said. > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Allen > Sent: Wednesday, December 19, 2001 11:14 AM > To: Matthew Feinberg > Cc: [EMAIL PROTECTED] > Subject: Re: Digital Certificates > > > That's why I am REALLY considering, and more than likely signing up today. > It has been a week with no "Real" answers from OpenSRS. Just a statement > saying they are working with EnTrust with a new procedure.. > > Mike Allen, 4CheapDomains.Net > [EMAIL PROTECTED] > http://www.4CheapDomains.Net > (812) 275-8425 - Office > (815) 364-1278 - Fax > ----- Original Message ----- > From: Matthew Feinberg > To: 'Mike Allen' ; [EMAIL PROTECTED] > Sent: Wednesday, December 19, 2001 10:55 AM > Subject: RE: Digital Certificates > > > I have already switched over to Entrust and it it going well. > I could no longer spend 5 to 8 hours of time on SSL Cert issue per Cert to > only make $25. > > Entrust, never once delivered a certificate without us chasing them around. > 1 customer took 4 weeks to get the Cert... Terrible! > > Matthew > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Allen > Sent: Tuesday, December 18, 2001 4:06 PM > To: [EMAIL PROTECTED] > Subject: Digital Certificates > > > Hi Guys... About this digital certificate thing and our current problems... > If open SRS is going to fix things, it better be fast. GeoTrust just > contacted me and they are making us a very sweet offer for re-selling. > Chuck, you may even want to re-consider the prices for these certificates > and maybe offer also the QuickSSL with a GOOD price... > > Mike Allen, 4CheapDomains.Net > [EMAIL PROTECTED] > http://www.4CheapDomains.Net > (812) 275-8425 - Office > (815) 364-1278 - Fax > >
