Don't forget versign bought network solutions also.
On Dec 7, 2000, Dave Paris in our continuing battle wrote:
>If an eight-year-old were to look at the whole thing and write your
>reply, then yes .. what you've written would probably be accurate - just
>missing other fun phrases like "dooty-head", "cooties", etc.
>
>D&B aren't a bunch of rank amateurs when it comes to checking the
>legitmacy of a business. As for "who decided that X was really
>trustable", it was people who are
>
>a) most likely on the net wayyy before you. (pre-web)
>a) probably more knowledgable than you (have you tried out-marketing MS
>recently?[1]),
>b) definitely uninterested in asking you,
>c) backed with more corporate $$$ than you, more-than-likely
>and
>d) well, you're stuck with it. they're doing a passable job and you
>can't change it anyway. (despite all the whining I've heard about
>verisign, I've yet to experience even one delay in getting a cert using
>their online toolset - however I won't discount these other stories, so
>verisign gets nothing above "passable")
>
>You can either dance with an elephant or get run over by him. Your
>choice, choose wisely.
>
>Yes, I hate it that VeriSign bought Thawte. It sucks. It ruins
>competition. I've dealt with both and I preferred Thawte, despite their
>*massive* client cert expiration fustercluck with IE two years ago. Oh
>well, the bus is leaving the station and I still have to get on to
>another town. If you're walking, I'll see you there after awhile.
>
>regards,
>--dsp
>
>NOTES
>[1] I don't purchase their software, I don't like their tactics, and
>I'll subvert them any chance I get, but you'll *never*, *ever* see
>anyone with two brain cells try to out-market them, including me.
>They've got metric f**ktons of $$$ and have an utter mastery of
>marketing tactics. You go around something like that, not head-to-head.
>
>
>Michael wrote:
>>
>> So the main protection is that company x charges a fee large enough to
>> company y in order to prove company y is a real company and not highschool
>> students trying to rip off users. of course there is no proof that being
>> able to afford a certificate really makes you anymore qualified than small
>> business z and who decided company x was really trustable. all xompany x
>> has proven is that they grasp the concept of this security model well
>> enough to pretty much blackmail company x, company z, etc into paying
>> out the arse for their 30 seconds of work.
>>
>> Maybe is a bit cynical but is that the gist of how it works?
>>
>> *^*^*^*
>> Have the courage to take your own thoughts seriously, for they will shape
>> you. -- Albert Einstein
>>
>> On Wed, 6 Dec 2000, Dave Paris wrote:
>>
>> > While I can appreciate the "why do we have to pay these mooks?!"
>> > attitude, the reasoning is rather more straightforward.
>> >
>> > It seems those making the silly** (imho) arguments have forgotten the
>> > entire reason for a "trusted third party" (in this case, the CA). User
>> > U heads over to site S and wishes to conduct a transaction, except U has
>> > never dealt with S, nor does U have the time to do background checks on
>> > S to significantly reduce the risk that S may actually be a fraudulent
>> > front end for a questionable organization. Note that I'm not saying
>> > this completely mitigates the risk, as it certainly does not. However
>> > it does go quite some ways to reducing the risk.
>> >
>> > This same notion is at the heart of many types of cryptographic
>> > protocols and key escrow (ick) systems.
>> >
>> > I do completely agree that much over $50 for a certificate is a bit
>> > bonkers (please, someone tell me that 90% of the process isn't
>> > completely automated .. I really need to laugh). However, until a
>> > majority of cert purchasers really understand *how* and *what* trusted
>> > third parties work, the current price is liable to be with us.
>[...]
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
