End of the line for Ireland's dotcom star

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Sep 24 17:58:33 EDT 2003


Anonymous via the Cypherpunks Tonga Remailer <nobody at cypherpunks.to> writes:

>Why is it that none of those 100-odd companies with keys in the browsers are
>doing anything with them?  Verisign has such a central role in the
>infrastructure, but any one of those other companies could compete. Why isn't
>anyone undercutting Verisign's prices?  Look what happened with Thawte when it
>adopted this strategy: Mark Shuttleworth got to visit Mir! Maybe that was a
>one shot deal, but clearly these keys are not being utilized up to their
>economic potential.
>
>Is there some behind the scenes coercion?  Contractual limitations? Will
>Microsoft pull the keys if someone tries to compete with Verisign? What's the
>deal?

No-one ever got fired for buying Verisign.  Unfortunately in order to
understand that buying your certs from anything but the cheapest CA present is
a waste of money, you need a certain amount of understanding of how PKI (or at
least certificate manufacturing, as currently practiced) works.  Verisign have
invested an enormous amount of time and money into communicating the message
that it ain't secure if it doesn't say Verisign, and that's been very
effective.  I have, very occasionally, run into people who've told me how they
managed to locate a CA that sold them their certs for $29.95/year instead of
$495/year, but this is very much the exception to the rule.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List