Date: Wed, 23 Oct 2002 01:00:27 -0400 From: Larry Sica <lomifeh@earthlink.net> To: Brett Glass <brett@lariat.org> Cc: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>, ulf@Alameda.net, freebsd-chat@FreeBSD.ORG Subject: Re: Verisign, Thawte, Entrust, whom? Message-ID: <58A0C34E-E644-11D6-8D77-000393A335A2@earthlink.net> In-Reply-To: <4.3.2.7.2.20021022201207.00c1c240@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, October 22, 2002, at 10:22 PM, Brett Glass wrote: > At 10:04 AM 10/22/2002, Larry Sica wrote: > >> Ok, what about all the other SSL cert providers? When Ma Bell was >> found to be a monopoly did you stop using the phone? > > The Bell System was a legally granted monopoly. It was never "found" > to be one. > It was found to be a monopoly, the 1949 suit found it so, in 1956 there was a legal settlement. Then in 74 the DOJ went after them again..and the break up began in 1982. > However, I have switched, as much as is possible, away from Qwest, its > offspring. Not only did US West neglect vital maintenance of > infrastructure > and defer connections to new customers for more than a year to make > its balance sheet look better before the acquisition, but Qwest (which > acquired it with dot-com stock) likewise cooked the books in collusion > with Global Crossing. The result: a colossal meltdown that may yet > lead to > bankruptcy. > > Some business with the local phone Nazis is unavoidable, but I do > give other companies my business when I can. > >> Doesn't this kind of defeat the purpose to a degree of using >> certificates. One wants a third party CA so people will be able to >> trust your site. > > None of the third parties are trustworthy. Any slimeball can get a > certificate, and sites that rip people off have certificates just > like honest ones do. The companies that issue certificates are the > least trustworthy of all. Again, may I remind you that Verisign > committed mail fraud. The Postal Inspector asked me to gather > evidence, and for all I know I may be a witness at some point in > the future. (Of course, since we're under the Dubya administration, > Verisign may get off simply by greasing the right palms. George > and Dick *love* corporate money.) > I can see you hate verisign, with good reason, but what about the other CA's? A cert tells the user 2 things really. 1 - that the person who asked for the cert owns this domain. 2. This person has proof they are from place a and as this company. The paperwork is something of a pain in the ass. From there if its a good CA you would need to renew yearly by sending them signatures and if you change info you have to redo your cert. Is it perfect? No. Is it something that i needed? Yes. Now for verisign's sliminess..yes they are slimy, and i have complained about them to the FTC. But how does verisign being slimy mean everyone automatically is? I've never had any problems with thawte (and I know who bought them out) of any sort like verisign has done. They also were forced by the court to stop sending those misleading letters in june . I do not know if anything else will happen, though there is pending litigation against them. From the EFF and another registrar. That said, verisign isn't the only game in town..there is thawte (though now owned by Verisign), and others people have posted. > But I digress. In the real world, the only thing https:// is good > for is encryption. It is no guarantee at all that a site is > trustworthy in any way, shape, or form. > https only provides encryption yes, what the CA's provide, or aim to provide, is a way to know you are talking who you intend to and not someone else, and a way to track who "they" are as you have to register and provide documentation. Just like someone can legally obtain, say a gun, and end up murdering someone, anyone can get a cert with the right proof, and rip you off. So we agree there heh. --Larry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?58A0C34E-E644-11D6-8D77-000393A335A2>