On Monday 09 May 2005 21:32, someone wrote:
Trying to restrict cert sales to high priced CAs only serves to slowly stifle the market for security. Have a look at the securityspace.com stats and try and work out how to share about 100k worth of certs per year across dozens or hundreds of CAs, and pay for all the audits and systems, and make a profit!
According to VeriSign's latest SEC filing they have over 400,000 active server ID customers. Is this news to you?
I've heard that before. Yet SecuritySpace says different, and I understand that the secret / paid reports from Netcraft say something similar to SecuritySpace (anyone have any lying around?).
The largest CRL from VeriSign is from an SSL server CA, I believe it's the one used for their '128 bits' certificates, and it has today 20881 entries, for one year of activity, since the certs are removed when they expire after 1 year.
The second largest CRL has 14645 entries, issued under the old RSA Security, Secure Server CA.
I believe a significant number of their users get the installation steps of the certificate wrong, and get a new cert reissued for free if they revoke the first in a short period after receiving it. Still, it's hard to believe that more than 10% of the users end up revoking their cert, so they do have a large market.
But that's not the same situation for other CAs. I think if you add the VeriSign and Thawte numbers, most of the market is already taken, and I strongly believe they cannot make a living on it.
