On Thursday 19 May 2005 23:25, Ram A Moskovitz wrote: > > If it is the US government then it is probably > > easier to ask Verisign. > > I don't think it would be tougher for the US gov to get a certificate > out of one US corp or another assuming they had legal grounds to do so > and the employees saw no ethnical problem with doing so. If there is a > difference I think it is the opposite of what you suggest. VeriSign > can afford to fight requests it has problems with while a smaller > company may find it much harder. There is a weak analogue available in > the way ISPs are handling requests for their customer's information - > of course the ISPs don't live by a repuation that depends on trust so > they are not as motivated to avoid trust breaches.
Perhaps. We are dealing with a hypothetical and we can only conjecture as to how this would unfold. It may be that Verisign would fight it, but as they have much more revenue from the federal government I personally would bet that they wouldn't fight it. Also, if one is to look at the location, board, and interlinkings, it has often been commented that Verisign is one of the closest organisations, along with Oracle by way of example. > > > In any case I > > > think you would go along with any legitimate request made by a > > > legitimate government authority; I would. > > > > I think Duane is in Australia. > > And so being an upstanding Australian citizen or resident I expect he > "would go along with any legitimate request made by a legitimate > government authority" OK, so just FYI, that is an approach that would not work so well outside the US, as you can perhaps see from Duane's response. Many peoples around the world would be bemused at a direct appeal to nationalism, and the notion that because someone says it is legitimate then it somehow is legitimate is more of a US sales technique (I'm not trying to be rude here, I've been surveyed in the US in exactly that fashion and had to do a little digging to work it all out). As the discussion in context includes the notion of a gag order on the activity then it is (IMHO) likely that many people would consider such a cert issuance to be non-legitimate, even from a court. For example, such a case did happen in Germany, and IIRC they leaked the info and then shut up shop. A similar thing happened in Finland when the Scientologists breached the penet remailer. Either way, many Internet people think that privacy is privacy, and once breached, that needs to be recognised. (Which might not then result in much like refusing the warrant ... but it is certainly enough to call into question any policy that says "that's ok coz the government asked for it" and to render such as not really popular for Internet open source groups to consider as part of their policy.) iang -- Advances in Financial Cryptography: https://www.financialcryptography.com/mt/archives/000458.html _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
