Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
Blaze: The Spy in the Middle
Posted Mar 26, 2010 22:30 UTC (Fri) by foom (subscriber, #14868)
Mark Shuttleworth is rich enough to fund Ubuntu because he sold Thawte (another company that
used to sell overpriced certs) to Verisign in 1999.
Posted Mar 26, 2010 23:29 UTC (Fri) by nix (subscriber, #2304)
Posted Mar 28, 2010 6:28 UTC (Sun) by man_ls (subscriber, #15091)
Posted Mar 28, 2010 6:46 UTC (Sun) by dlang (✭ supporter ✭, #313)
the thing that makes the $900 so bad is that all of this work needed to be done for th $300 cert as well, the only difference between the $300 and $900 option is a tag inside the cert. Most cert vendors don't have the two grades anymore.
also, since the export browser restrictions were lifted, there really shouldn't be anyone using an 'export browser' that would act any differently with the two types of certs (when was the last 'export' browser shipped?) If anyone is still using such a browser they have so many security holes that downgrading the encryption to 40 bits is a minor risk.
Posted Mar 28, 2010 8:11 UTC (Sun) by man_ls (subscriber, #15091)
Imagine the amount of identity validation done by credit agencies such as Visa, or even by banks: they are very superficial. These guys are actually giving you credit, and they will have to pay if you don't. Even so, the amount of validation is (at least here in Europe) hardly worth 10, according to my own estimations. Now what incentives do CAs have to make thorough checks? They are not giving you credit, and they have zero liability if you are not who you claim to be. Therefore it makes good business sense to skim over any ID presented and not think twice about it.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds