VeriSign and Conflicts of Interest

Ian G iang at systemics.com
Wed Feb 2 18:25:44 EST 2005


((( Financial Cryptography Update: VeriSign and Conflicts of Interest )))

                           February 02, 2005

http://www.financialcryptography.com/mt/archives/000332.html

------------------------------------------------------------------------

Adam and I have written to ICANN on the VeriSign conflict of interest.
ICANN - the Internet numbers and names authority - are in the throes of
awarding the top level domain (TLD) of .net to an operator.  Currently
VeriSign holds this contract, but we are concerned about their conflict
of interest with their NetDiscovery service which facilitates
intercepts for law enforcement.

http://forum.icann.org/lists/net-rfp-verisign/msg00008.html

Effectively, as a certificate authority (CA), they could be asked to
issue false certificates in your name and eavesdrop on your
communications.  All legally of course, as per court order or subpoena,
but the issue arises that they are now serving two masters - the
company on whom the order is served, and you the user.

http://en.wikipedia.org/wiki/Conflict_of_interest

Not only is that a conflict of interest, but it is a complete breach in
the spirit of the SSL's signed certificate security architecture.  As
each CA is meant to be trusted - by you - this means they need to avoid
such conflicts.

Personally, I can't see any way out of this one.  Either VeriSign gives
up the certificate authority and TLD business, or its NetDiscovery
business, or it's the end of any use of the word trust in the trusted
third party concept.

I'd encourage you all to dive over to the ICANN site and file comments.
VeriSign runs the domains, and issues half the net's secure
certificates.  It's also angling to be the net's intercept service.
Enough is enough, let's spread these critical governance roles around a
bit.

http://icann.org/tlds/net-rfp/net-rfp-public-comments.htm

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/

