Just to fill you in, the eBusinessID is being offered to us for $89.00 if we sign up before the first of the year. They may even change that, but I can't wait... They will not bill us before the certificate is made either, that was if we ever do have problems. We simply refuse the certificate and don't pay. Simple as that. I do believe that the eBusinessID is the equivalent as your and for $89 and a fast turn around time, it is well worth it... Even if we do not sign up before the first, we can still have it for $99 with the quick processing time....
As for the True-Site, I don't have any interest in that either and will not offer it..... I just know, as I was once looking for a certificate, I think GOD I didn't send mine off to cows because I could not have taken the chance for any delays. They took care of my at a fast pace... Even called me to say "HI" It was kind of nice to have a "Personal Touch" with it... Mike Allen, 4CheapDomains.Net [EMAIL PROTECTED] http://www.4CheapDomains.Net (812) 275-8425 - Office (815) 364-1278 - Fax ----- Original Message ----- From: "Darryl Green" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 19, 2001 7:18 PM Subject: Digital Certificates > (sorry if this ends up on the list twice -- i think the un-edited version > may have been stopped by the guards) > > Sorry if the following sounds a little defensive....but I feel the need to > defend our product offering. > > I have not seen wholesale pricing on the GeoTrust e-business ID that is less > than what we are offering on a per certificate basis. > > Until about a month ago I stated that if a certificate issue took longer > than 24 hours, let me/Entrust know because something must be holding it up > and we could easily investigate. Changes in the back-end resulted in a > temporary slowdown. We should now be back to previous turn-around times and > shortly they are to be much improved. > > The added product you mention "True-site" is, in my opinion, currently > valueless. It is even another level of abstraction from the lock on the > browser (which we have already acknowledged that few people click-on or even > understand in full). This is not to say that it will not become valuable in > the future but it will require wide adoption (classic network effect) and > an end-user marketing/educational campaign. In other words, by using the > True-site product presently you are adding more value to GeoTrust than they > are adding for your web-site....this is not a slag, it is just my present > perception of the world...If 'True-site' catches on that value prop could > change. In fact, maybe they will be successful in setting themselves up as > the Better Business Bureau of the Internet and then the value of the True > Site product would truly be $79 or more. At present however it is not. > > Lastly...and this criticism did p**s me off... in your first e-mail you > suggested we hide the price because we are embarrased by it -- "Sorry but > $99 as the wholesale price of a cert is not a good deal. Which is probably > why you hide the price till the very bottom of the reseller agreement" and > then in your next e-mail you praised GeoTrust for not publishing their > prices -- "Plus my clients do not know how much I paid for the cert with > GeoTrust while with Tucows everybody knows the reseller paid $99." The > reason the price is not evident is so that only resellers or the most > curious of curious end-users would find it. We actually debated this quite a > bit and decided that by just putting it in the reseller agreement we would > capture the appropriate balance between being open and yet protecting our > resellers retail pricing practices.... i don't mind the warranted criticisms > but b**chin' at me for being outside and then b**chin' at me for bein' in > just burns my butt...(i mean that in the good natured spirit of debate -- > but i am a little distressed). > > > > Regards > Darryl Green > [EMAIL PROTECTED] > Tucows Inc. > Phone:(416)538-5461 > Fax: (416)-531-5584 > 96 Mowat Avenue > Toronto Ontario > M6K 3M1 > > > > > > -----Original Message----- > > From: ezgoing8 [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, December 19, 2001 7:38 PM > > To: Darryl Green; [EMAIL PROTECTED] > > Subject: Re: Digital Certificates > > > > > > I'm not talking about the QuickSSL. > > > > I am talking about the GeoTrust eBusiness ID. While the retail price of > > this is $175, the reseller price is less than the $99 that you > > ask from your > > resellers. Plus eBusiness ID gives the cert plus the TrueSite identify > > emblem, as you are aware. > > > > Much better product and mark up than you offer. As a reseller I can sell > > eBusiness ID and more than double my money if I sell for the posted retail > > price or I can offer it for less than the posted price and still make more > > money than what I can from your cert. Plus my clients do not > > know how much > > I paid for the cert with GeoTrust while with Tucows everybody knows the > > reseller paid $99. > > > > Plus I can get the eBusiness ID within 24 hours and it only requires the > > same level of proof that Thawtes requires. None of this nonsense about > > sworn statements that I am an employee, etc. > > > > > The comparable certificate offering from Geo-Trust (full authentication > > and > > > 98% browser recognition) is their e-business id which they > > retail for $175 > > > (packaged with another one of their services). > > > > > > That's why i said "for those applications that require full > > identification > > > we now > > > have the cheapest solution on the market"...and i stand behind it... > > > > I wouldn't stand too far behind your statement, as it is false, > > as I am sure > > you are aware. I am sure that you could get the package for the resellers > > for even less than we pay, given the difference in volume. And > > we pay less > > than the $99 that you require for your cert, so it's obvious you > > are not the > > cheapest solution on the market for your resellers or for that > > matter, even > > for your reseller clients, as I can sell the eBusiness ID for > > less than $99 > > the resellers pay for your cert and still make a profit if I was that > > foolish. > > > > And as you point out, you get two products for less than the price you are > > asking for just the cert. > > > > > > ----- Original Message ----- > > From: "Darryl Green" <[EMAIL PROTECTED]> > > To: "ezgoing8" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Wednesday, December 19, 2001 1:21 PM > > Subject: RE: Digital Certificates > > > > > > > Not true.... > > > > > > 1) The GeoTrust quickSSL offering does lesser identity verification. In > > > fact, from there own Certificate Practice Statement it reads that the > > > Organizational Unit is not Validated. Given that the > > verification process > > on > > > the traditional certificate makes up the bulk of the cost > > (faxes back and > > > forth -- making sure that the Incorporation Documents and the > > whois record > > > match -- very labour intensive) this gives these certifcates an inherent > > > cost advantage. The price to be paid for that efficiency is > > less certainty > > > around identity (If I have phony whois info with an anonymous e-mail > > address > > > I can get a certificate for that domain, if there is then any > > trouble with > > > the information collected using that certificate at that > > domain, there is > > > not necessarily any easy way to track down my identity -- Conversely, if > > > full authentication is done I would have to send in my incorporation > > > documents or a copy of my passport, thereby resulting in > > greater certainty > > > about my identity if something untoward should be done with the data > > > collected at my site). > > > > > > This lessened-certainty is sacrilege among the big security > > players in the > > > industry. Hard to say how much of this is righteous indignation and how > > much > > > of this is blatant self-interest. In any event it has become clear to me > > > that some of our resellers are not fussed by this lessened > > > certainty/security certificate. It is up to you to decide for your > > > applications whether you and your customers are willing to accept this > > > lowered level of authentication. > > > > > > 2) The quickSSL certificate has a claimed 90% browser > > recognition, i think > > > it is lower but, in any event, is not 99% browser recognition. > > > > > > The comparable certificate offering from Geo-Trust (full authentication > > and > > > 98% browser recognition) is their e-business id which they > > retail for $175 > > > (packaged with another one of their services). > > > > > > That's why i said "for those applications that require full > > identification > > > we now > > > have the cheapest solution on the market"...and i stand behind it... > > > > > > Regards > > > Darryl Green > > > [EMAIL PROTECTED] > > > Tucows Inc. > > > Phone:(416)538-5461 > > > Fax: (416)-531-5584 > > > 96 Mowat Avenue > > > Toronto Ontario > > > M6K 3M1 > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: ezgoing8 [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, December 19, 2001 5:13 PM > > > > To: Darryl Green; [EMAIL PROTECTED] > > > > Subject: Re: Digital Certificates > > > > > > > > > > > > While I would not challenge most of what you say, the simple truth is > > that > > > > you do not have the cheapest solution on the market for your > > > > resellers. End > > > > users, maybe. Resellers, no. > > > > > > > > Just sign on as a Geotrust reseller and you are provided lower prices > > that > > > > what Tucows offers, with less hassle in securing the cert. That > > includes > > > > the full cert, not just the quick cert. > > > > > > > > Sorry but $99 as the wholesale price of a cert is not a good deal. > > Which > > > > is probably why you hide the price till the very bottom of > > the reseller > > > > agreement. > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Darryl Green" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Wednesday, December 19, 2001 10:47 AM > > > > Subject: FW: Digital Certificates > > > > > > > > > > > > > Point taken.... > > > > > > > > > > I am working on a "Real" answer.. This is one of the reasons I > > > > have been a > > > > > little quieter on the list these days. > > > > > > > > > > It became clear from our discussions a couple of weeks ago that, at > > > > best -- > > > > > the 'identity' component of the certificate is not as > > critical to you > > as > > > > the > > > > > incumbent market leading Certificate Authorities would have us > > > > believe and > > > > > at worst, the whole idea of web certificates is an inadequate > > > > solution to > > > > > the problem they are intended to solve (namely non-repudiation of > > > > commercial > > > > > transactions). > > > > > > > > > > I was particularly moved by the observation that it is really > > > > the merchant > > > > > that is taking the risk of repudiation -- this is true. For credit > > card > > > > > transactions the provider of the payment gateway/merchant account is > > > > trusted > > > > > third party enough for the purposes of non-repudiation -- > > leaving the > > > > value > > > > > of a web-certificate only in the encryption component. Personal > > identity > > > > > that would benefit the merchant is accomplished through personal > > > > > certificates and e-commerce merchants have thus-far chosen to accept > > the > > > > > risk of not requiring them and/or verifying identity in off-line > > methods > > > > > (only shipping to the same address as listed on the credit card, > > phoning > > > > the > > > > > listed phone number on the credit card etc.). > > > > > > > > > > However, without the identity component the end-user is not > > protected > > > > > against fraudulent collection of information from an > > imposter (I have > > > > posted > > > > > an article from today's Wall Street Journal below -- it shows a > > > > situation > > > > in > > > > > which a fraud would have been prevented if users demanded a properly > > > > > authenticated certificate -- ultimately that may have been what > > > > tipped the > > > > > users off in the first place -- spelling errors and healthy > > scepticism > > > > were > > > > > noted in the article). This is of greater concern for some > > applications > > > > > than others. The message I clearly received from our discussion is > > that > > > > you > > > > > do not feel you need full identity verification for all > > > > applications. Just > > > > > as long as the browser error message is avoided. > > > > > > > > > > As stated before, I am working on a "Real" answer to your > > > > concerns. In the > > > > > mean-time, for those applications that require full > > > > identification we now > > > > > have the cheapest solution on the market and you should find the > > > > > verification process running smoothly. If you don't you can let me > > know > > > > > immediately and we will get it sorted out. Given some of > > the troubles > > in > > > > the > > > > > last month we are on high alert right now to ensure that > > > > verification runs > > > > > as smoothly and smoother than it did previously. > > > > > > > > > > Regards > > > > > Darryl Green > > > > > [EMAIL PROTECTED] > > > > > Tucows Inc. > > > > > Phone:(416)538-5461 > > > > > Fax: (416)-531-5584 > > > > > 96 Mowat Avenue > > > > > Toronto Ontario > > > > > M6K 3M1 > > > > > > > > > > > > > > > > > > > > 'Spoofer' Tries Unsuccessfully to Snag > > > > > Credit-Card Numbers of PayPal Users > > > > > By STEPHANIE MILES and STACY FORSTER > > > > > THE WALL STREET JOURNAL ONLINE > > > > > > > > > > Ben Cichanowicz received an e-mail Monday evening purporting to be > > from > > > > > online payment service PayPal Inc. The note promised a $5 credit to > > his > > > > > account if he visited Paypal-Secure.com and updated his account > > > > information, > > > > > including his credit-card number. "All you have to do to > > claim your $5 > > > > gift > > > > > from is update your information on our secure Pay Pal site," the > > e-mail > > > > > claimed. > > > > > While the e-mail had a PayPal return address, the Web site didn't > > quite > > > > look > > > > > right. Mr. Cichanowicz, a systems administrator in Lexington, > > > > Ky., quickly > > > > > suspected fraud. He and his wife were tipped off by several spelling > > > > errors, > > > > > as well as by the fact that the site was missing security > > > > information, he > > > > > said. "This was the first thing that caught our attention," he said. > > > > > Indeed, PayPal-Secure.com was a "spoof" site -- a > > fraudulent Web page > > > > > designed to trick PayPal users into giving up their credit-card and > > > > personal > > > > > information. Mr. Cichanowicz, along with other recipients of the > > e-mail, > > > > > alerted PayPal about the existence of the site. PayPal then asked > > > > > DigitalSpace.net, the company hosting the site, to shut > > down the site, > > > > which > > > > > it did. DigitalSpace said it is company policy to shut down > > sites when > > > > > alerted of possible fraud. > > > > > The PayPal-Secure incident is a twist on an old con. For > > years, giant > > > > > America Online has warned users not to give out passwords > > or personal > > > > > information, and online investors know to carefully check their news > > > > sources > > > > > after fake articles buffeted stocks in several incidents. > > > > > This isn't the first time PayPal (www.paypal.com), of Palo Alto, > > Calif., > > > > has > > > > > been targeted by a spoof site. Last year, a site called > > > > PayPai.com was set > > > > > up with the intent of stealing user names and passwords > > from users who > > > > typed > > > > > the Web address by mistake. > > > > > With spoofers, companies "can't control that they're under attack," > > said > > > > > Avivah Litan, vice president of financial services for technology > > > > consulting > > > > > and research firm Gartner Inc. "There's nothing you can do > > > > about it except > > > > > educate consumers." > > > > > "There's all types of scams and fraud that people try to pull in the > > > > online > > > > > world -- just as they do in the offline world," said Vince Solitto, > > > > > spokesman for PayPal. PayPal was alerted by a "few" customers about > > the > > > > > site, Mr. Solitto said, declining to specify how many people > > > > contacted the > > > > > company or received the e-mail message. He speculated that the > > > > PayPal-Secure > > > > > entity probably sent out e-mail messages haphazardly to millions of > > > > people, > > > > > hoping to hit some PayPal users. He added that there had been no > > > > indication > > > > > that the PayPal network had been hacked or broken into. > > > > > > > > > > Image of "spoof" PayPal site > > > > > According to domain-name registration records at VeriSign Inc., the > > > > > PayPal-Secure.com address is registered to an entity called > > > > PayPalSecure. > > > > > The record lists a phony phone number and address for the > > > > company. PayPal > > > > > said it could subpoena the account information for the site from > > > > > DigitalSpace.net, but that information would most likely be > > > > faked as well. > > > > > "One of the problems with the Net is that it's easy to dummy > > > > something up > > > > to > > > > > look like a legitimate entity, and you might have to click > > > > through further > > > > > to ensure that it is the place that you think you are > > visiting," said > > > > Susan > > > > > Grant, director of the Internet Fraud Watch for the > > National Consumers > > > > > League. These types of scams make it harder for legitimate companies > > to > > > > gain > > > > > users' confidence, she added. > > > > > PayPal does warn its customers about fraud and says it is vigilant > > about > > > > > protecting its users. The company says its customers are safe > > > > because they > > > > > are reimbursed -- either by PayPal or by their credit-card company, > > > > > depending on the situation -- for any fraudulent charges to > > > > their account. > > > > > Online Service PayPal Sets Range for Its Proposed IPO (Dec. 14) > > > > > The PayPal-Secure scam played on PayPal's earlier viral marketing > > > > campaign, > > > > > which helped to fuel its exponential growth. The company, which > > launched > > > > in > > > > > October 1999, had 10.6 million accounts as of Sept. 30, 2001, and > > > > processes > > > > > an average of 171,000 payments per day totaling $8.5 > > million in daily > > > > > volume, according to the company. During its early days, PayPal > > > > would give > > > > > $10 to any user who signed up a friend, and gave the friend > > $10, too. > > > > > PayPal still provides some bonuses, but the requirements for > > > > receiving one > > > > > have become much stricter. Now, according to the PayPal Web site, > > > > customers > > > > > must verify their account with a credit card, deposit $250 and > > > > sign up for > > > > a > > > > > money-market account to receive the new account bonus. > > > > > The attack comes at an inopportune time for PayPal, which last week > > set > > > > the > > > > > range for its proposed initial public offering. The company > > is already > > > > under > > > > > scrutiny from investors nervous about its exposure to liability from > > > > > credit-card fraud, in part because PayPal promises to reimburse any > > > > customer > > > > > whose credit card or account is fraudulently used. PayPal is used > > > > primarily > > > > > by users of eBay Inc. and other auctions to process payments for > > online > > > > > transactions. > > > > > In the past, customers have complained to the Better Business Bureau > > and > > > > > Federal Trade Commission about PayPal's fraud protections. Over the > > last > > > > > year, however, the company has aggressively worked to combat > > credit-card > > > > > fraud at the site. "They have very good fraud protection," said > > > > Gartner's > > > > > Ms. Litan. PayPal's fraud rates are better than average, with > > > > about 0.87 % > > > > > of its sales lost to fraud, according to its SEC filing. > > > > > Neither PayPal nor Digital Space said they notified law enforcement > > > > > authorities after PayPal-Secure.com was taken offline. "We certainly > > > > > wouldn't bother the FBI about it," said Mr. Solitto, who called the > > > > "spoof" > > > > > category of fraud "not particularly novel or sophisticated." > > > > > PayPal said it hasn't received any reports from customers who were > > > > actually > > > > > tricked into entering their personal information. Mr. > > > > Cichanowicz, for his > > > > > part, said he didn't give up any account information, but is still > > > > disturbed > > > > > that he was targeted for fraud. "This is a terrible time for > > > > unsuspecting > > > > > people to be had by this, especially so close to the holidays," he > > said. > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Allen > > > > > Sent: Wednesday, December 19, 2001 11:14 AM > > > > > To: Matthew Feinberg > > > > > Cc: [EMAIL PROTECTED] > > > > > Subject: Re: Digital Certificates > > > > > > > > > > > > > > > That's why I am REALLY considering, and more than likely > > > > signing up today. > > > > > It has been a week with no "Real" answers from OpenSRS. Just a > > statement > > > > > saying they are working with EnTrust with a new procedure.. > > > > > > > > > > Mike Allen, 4CheapDomains.Net > > > > > [EMAIL PROTECTED] > > > > > http://www.4CheapDomains.Net > > > > > (812) 275-8425 - Office > > > > > (815) 364-1278 - Fax > > > > > ----- Original Message ----- > > > > > From: Matthew Feinberg > > > > > To: 'Mike Allen' ; [EMAIL PROTECTED] > > > > > Sent: Wednesday, December 19, 2001 10:55 AM > > > > > Subject: RE: Digital Certificates > > > > > > > > > > > > > > > I have already switched over to Entrust and it it going well. > > > > > I could no longer spend 5 to 8 hours of time on SSL Cert issue > > > > per Cert to > > > > > only make $25. > > > > > > > > > > Entrust, never once delivered a certificate without us chasing them > > > > around. > > > > > 1 customer took 4 weeks to get the Cert... Terrible! > > > > > > > > > > Matthew > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Allen > > > > > Sent: Tuesday, December 18, 2001 4:06 PM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: Digital Certificates > > > > > > > > > > > > > > > Hi Guys... About this digital certificate thing and our current > > > > problems... > > > > > If open SRS is going to fix things, it better be fast. GeoTrust just > > > > > contacted me and they are making us a very sweet offer for > > re-selling. > > > > > Chuck, you may even want to re-consider the prices for these > > > > certificates > > > > > and maybe offer also the QuickSSL with a GOOD price... > > > > > > > > > > Mike Allen, 4CheapDomains.Net > > > > > [EMAIL PROTECTED] > > > > > http://www.4CheapDomains.Net > > > > > (812) 275-8425 - Office > > > > > (815) 364-1278 - Fax > > > > > > > > > > > > > > > > > > > > > > > > >
