End of the line for Ireland's dotcom star
Anonymous via the Cypherpunks Tonga Remailer
nobody at cypherpunks.to
Wed Sep 24 03:54:49 EDT 2003
Peter Gutmann writes:
> Is it really that big a deal though? You're only ever as secure as the
> *least secure* of the 100+ CAs automatically trusted by MSIE/CryptoAPI
> and Mozilla, and I suspect that a number of those (ones with 512-bit keys
> or moribund web sites indicating that the owner has disappeared) are much
> more of a risk than the GTE/Baltimore/beTRUSTed/whoever-will-follow-them
> succession.
Why is it that none of those 100-odd companies with keys in the browsers
are doing anything with them? Verisign has such a central role in
the infrastructure, but any one of those other companies could compete.
Why isn't anyone undercutting Verisign's prices? Look what happened with
Thawte when it adopted this strategy: Mark Shuttleworth got to visit Mir!
Maybe that was a one shot deal, but clearly these keys are not being
utilized up to their economic potential.
Is there some behind the scenes coercion? Contractual limitations?
Will Microsoft pull the keys if someone tries to compete with Verisign?
What's the deal?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list