I'd like to know, what is actually checked to make sure a biz on the net
is legit?  Are folks looking at bank accounts?  Are they looking at credit
history?  What is D&B actually checking?  'Cause I know for a fact a few,
at least, of the folks doing biz out here are doing it out of a basement or
kid's old bedroom that has a fax, a pc, and a phone, and many of 'em are
starting with near about zilch to begin with for cashflow.

Thanks,

Ron DuFresne

On Thu, 7 Dec 2000, Dave Paris wrote:

> If an eight-year-old were to look at the whole thing and write your
> reply, then yes .. what you've written would probably be accurate - just
> missing other fun phrases like "dooty-head", "cooties", etc.  
> 
> D&B aren't a bunch of rank amateurs when it comes to checking the
> legitimacy of a business.  As for "who decided that X was really
> trustable", it was people who are 
> 
> a) most likely on the net wayyy before you. (pre-web)
> a) probably more knowledgeable than you (have you tried out-marketing MS
> recently?[1]),
> b) definitely uninterested in asking you, 
> c) backed with more corporate $$$ than you, more-than-likely 
> and 
> d) well, you're stuck with it. they're doing a passable job and you
> can't change it anyway. (despite all the whining I've heard about
> verisign, I've yet to experience even one delay in getting a cert using
> their online toolset - however I won't discount these other stories, so
> verisign gets nothing above "passable")
> 
> You can either dance with an elephant or get run over by him.  Your
> choice, choose wisely.
> 
> Yes, I hate it that VeriSign bought Thawte.  It sucks.  It ruins
> competition.  I've dealt with both and I preferred Thawte, despite their
> *massive* client cert expiration fustercluck with IE two years ago. Oh
> well, the bus is leaving the station and I still have to get on to
> another town.  If you're walking, I'll see you there after a while.
> 
> regards,
> --dsp
> 
> NOTES
> [1] I don't purchase their software, I don't like their tactics, and
> I'll subvert them any chance I get, but you'll *never*, *ever* see
> anyone with two brain cells try to out-market them, including me. 
> They've got metric f**ktons of $$$ and have an utter mastery of
> marketing tactics.  You go around something like that, not head-to-head.
> 
> 
> Michael wrote:
> > 
> > So the main protection is that company x charges a fee large enough to
> > company y in order to prove company y is a real company and not high school
> > students trying to rip off users. Of course there is no proof that being
> > able to afford a certificate really makes you any more qualified than small
> > business z and who decided company x was really trustable. All company x
> > has proven is that they grasp the concept of this security model well
> > enough to pretty much blackmail company x, company z, etc into paying
> > out the arse for their 30 seconds of work.
> > 
> > Maybe it is a bit cynical but is that the gist of how it works?
> > 
> > *^*^*^*
> > Have the courage to take your own thoughts seriously, for they will shape
> > you. -- Albert Einstein
> > 
> > On Wed, 6 Dec 2000, Dave Paris wrote:
> > 
> > > While I can appreciate the "why do we have to pay these mooks?!"
> > > attitude, the reasoning is rather more straightforward.
> > >
> > > It seems those making the silly** (imho) arguments have forgotten the
> > > entire reason for a "trusted third party" (in this case, the CA).  User
> > > U heads over to site S and wishes to conduct a transaction, except U has
> > > never dealt with S, nor does U have the time to do background checks on
> > > S to significantly reduce the risk that S may actually be a fraudulent
> > > front end for a questionable organization.  Note that I'm not saying
> > > this completely mitigates the risk, as it certainly does not.  However
> > > it does go quite some ways to reducing the risk.
> > >
> > > This same notion is at the heart of many types of cryptographic
> > > protocols and key escrow (ick) systems.
> > >
> > > I do completely agree that much over $50 for a certificate is a bit
> > > bonkers (please, someone tell me that 90% of the process isn't
> > > completely automated .. I really need to laugh).  However, until a
> > > majority of cert purchasers really understand *how* and *what* trusted
> > > third parties work, the current price is liable to be with us.
> [...]
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
