IP: SSL Certificate "Monopoly" Bears Financial Fruit
Adam Shostack
adam at homeport.org
Fri Jul 12 14:37:06 EDT 2002
On Fri, Jul 12, 2002 at 11:18:12AM -0400, Trei, Peter wrote:
| > I'd rather not state the exact figures. A search of SEC filings may or
| > may not turn up further details.
| >
| > > And who actually owns these numerous trusted roots?
| >
| > I am not sure I understand the question.
| >
| > --Lucky
| >
| I think I do. A 'second hand' root key seems to have some
| trust issues - the thing you are buying is the private half
| of a public key pair .... but that's just a piece of information.
| How can you be sure that, as purchaser, you are the *only*
| possessor of the key, and no one else has another copy (the
| seller, for example)?
Who cares? If I can get a key thats in the main browsers for 90% off,
who cares if other people have it?
I understand that getting the public half of the 2 main browsers will
run you about $250k in fees, plus all the setup work. If I can buy a
slightly used Ncipher box whose public key bits are in the browsers
for a 10th to a 5th of that, the extra copies of the bits aren't all
that worrisome to me.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list