[EMAIL PROTECTED] wrote:

> 
> So it seems to me that while the cert may certify that said organization
> is who they say they are - nobody seems to ask if who they say they are
> has any relevance to anything.

[snip]

Look back to the problem it is solving:
  a) SSL makes sure no-one can intercept communications meant to be
     private
  b) Certificates authenticate that the person is who they say they
     are.

Trust goes to trusting that second statement, not the trustworthiness
of the company behind the statement.

> 
> =================
> 

[snip]

> 
> Or to put it another way - I do business and I deal with my bank for
> instance.  I trust my bank...  and I would be quite happy if my bank
> issued a cert for me to use that authenticates that my company is a good
> corporate citizen and in good standing with the bank at least.  A cert
> from my bank would mean something.  A cert from Thawte does not and
> neither does a cert from Verisign.  Since my bank for instance would be
> considered probably by the vast majority of customers to be a far more
> reliable measure of e-commerce trustworthiness, why should my bank be
> forced into the situation of having to fork over hundreds of thousands or
> even millions for literally NOTHING... if it wants to issue a cert?

???? Getting a bank account is just as trivial and does NOT add anything
to the value of the trustworthiness of the company. It just says
(in your example) that the fraudster went with a piece of ID such as
a birth certificate, driver's license (again easily duplicated) and
his company papers and opened up an account for that company.

> 
> This is a ransom fee and little more.
> 
> =================
> 
> I think it is quite germane to us who develop the keys that enable
> internet commerce and security to look at the broader issue of who
> controls and profits from the technology we develop.
> 
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]