Mark Shuttleworth is rich enough to fund Ubuntu because he sold Thawte (another company that
used to sell overpriced certs) to Verisign in 1999.
Blaze: The Spy in the Middle
Posted Mar 26, 2010 23:29 UTC (Fri) by nix (subscriber, #2304)
Posted Mar 28, 2010 6:28 UTC (Sun) by man_ls (guest, #15091)
Posted Mar 28, 2010 6:46 UTC (Sun) by dlang (✭ supporter ✭, #313)
The thing that makes the $900 so bad is that all of this work needed to be done for the $300 cert as well; the only difference between the $300 and $900 option is a tag inside the cert. Most cert vendors don't have the two grades anymore.
Also, since the export browser restrictions were lifted, there really shouldn't be anyone using an 'export browser' that would act any differently with the two types of certs (when was the last 'export' browser shipped?). If anyone is still using such a browser, they have so many security holes that downgrading the encryption to 40 bits is a minor risk.
Posted Mar 28, 2010 8:11 UTC (Sun) by man_ls (guest, #15091)
Imagine the amount of identity validation done by credit agencies such as Visa, or even by banks: they are very superficial. These guys are actually giving you credit, and they will have to pay if you don't. Even so, the amount of validation is (at least here in Europe) hardly worth 10, according to my own estimations. Now what incentives do CAs have to make thorough checks? They are not giving you credit, and they have zero liability if you are not who you claim to be. Therefore it makes good business sense to skim over any ID presented and not think twice about it.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.