On Saturday 21 May 2005 02:22, Ram A Moskovitz wrote: > You have repeatedly argued that the value of brand and reputation > plays into a CA's behavior. Here you are saying that a CA would toss > its reputation to keep one of it's small (revenue size) customers > happy.
Correct on both counts. Now, you are implying that there is a contradiction in these two statements. There is none. In the current market for CAs, reputation is not that important, it is more a missing element that is believed to be important by those CAs that grew up in the old model. If you want a cite, see Amir&Ahmad's paper where they test the brand of Verisign and come up confused. Reputation *could* be very important to to play into a CA's behaviour, but before reputation can do that, it has to enter the public's mind. In order to do that, the browser should present the brand of the CA, as is done in the screen shots in that paper. There are other ways, but this is the most cost-effective that I can think of (c.f., Intel Inside). Now, I know many of you believe that this original Netscape security model is bad. All I can say is this is how brand works - you stick the logo everywhere that is important, that creates the name-brand-reputation relationship in the consumer's mind, and that then leads to the brand becoming valuable, which finally places an onus on the company to protect its valuable brand. By doing the right thing for the customer. Brand is inextricably linked to capitalism and giving the consumer the ability to vote with their dollar or euro; the alternate is "we know better" and that is always related to extra costs and no delivery of service because we know better can't work in practice. As far as consumer brands are concerned, Verisign could sell its cert division tomorrow and no consumer nor any merchant would notice. (cite: NetSol.) In sum, the Verisign reputation does not hold back the company from shafting any given retail customer, or merchant, or any small player, IMHO. Whether it does so is another question - my point today is that the brand and reputation would not hold it back. I wish it did. I would like Verisign's reputation to act as a brake on the company's behaviour. I would also like not to have to repeat this same mantra so many times to overcome the resistance to change, and to craft a place in the future for CAs. Without brand, CAs have no future, they will be overtaken by the events that are unfolding now. (cite: Netcraft.) iang -- Advances in Financial Cryptography: https://www.financialcryptography.com/mt/archives/000458.html _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
