Re: verisign security,lol

From: Igor Tandetnik (itandetnik_at_mvps.org)
Date: 06/23/04


Date: Wed, 23 Jun 2004 18:55:38 -0400


"mr.sir bossman" <mrsirbossman@discussions.microsoft.com> wrote in
message news:B1080D75-BCB2-400A-A2C0-CF6CFAE7855B@microsoft.com
> "Igor Tandetnik" wrote:
>> My company actually buys certificates from Verisign. They ask for
>> your DUNS (http://www.dnb.com/us/) registration, then call you in
>> person at the phone number listed in the registration (not the one
>> you provided), in addition to performing other checks. This way, you
>> have to register as a business to get the certificate. At this
>> point, you are as accessible to the law as any other company
>> committing fraud. Which is not to say that you absolutely cannot
>> avoid getting caught, just that it's as easy or difficult to catch
>> you as when you commit any other crime.
>
> So it allows them to punish after crime, kinda pointless.

By this logic, you should be kept in prison from the moment of birth.
Otherwise, you can run away and punch somebody in the face, or break
into a house and steal some money, and the authorities would only be
able to punish you after the crime - "kinda pointless". Much better to
prevent you from ever being able to commit a crime in the first place,
by keeping you all snug and secure in a prison cell.

Yet, I believe you are not restrained at this moment, and you still
don't punch people in the face or break into houses every day,
hopefully. One of the reasons is, you know you will be punished
afterwards, and the benefits of a crime are not worth the consequences
of getting caught. So punishment after crime is not all worthless,
considering that this is the only kind we got. Innocent until proven
guilty, remember? The alternative does not sound particularly attractive
to me.

> As for
> checks some of the CAs don't do as much. Don't believe average user
> cares what CA is used anyways.

But you cannot use an arbitrary CA and still have IE accept your
certificate - you must use the CA that is installed into IE as trusted
root. And MS only allows CAs that passed WebTrust audit to become
trusted roots. Presumably, the audit verifies the policies and practices
of a company and establishes that they provide adequate measures of
security and trustworthiness. That's how an "average user" is protected.
You trust your tax advisor certified by AICPA with your private
information - why do you doubt their abilities to adequately certify
CAs?

Disclaimer: I have not actually studied the requirements of WebTrust
certification, I've only had dealings with Verisign and not any other
CA, and I'm not a lawyer.

> It is just my opinion Microsoft can do
> better than this.

It's easy to say that the solution in place is no good - care to propose
a better one? Come up with your own, patent it, sell it to Microsoft,
and you will be rich quick.

>>> Also, a million ways to get
>>> fake certificates on the web.
>>
>> Care to provide a link?
> Don't pretend it doesn't happen. Try Google.

Couldn't find any. Likely I'm missing something. Presumably you have
already found such sites - please share.

>> If this is true, why do you complain about monopolies and such? Just
>> go ahead and get yourself one.
>
> I was not complaining, original post was to find free Microsoft loving
> CA.

Didn't you say, and I quote: "God wish microsoft would stop this
monopoly" ?

-- 
With best wishes,
    Igor Tandetnik
"For every complex problem, there is a solution that is simple, neat,
and wrong." H.L. Mencken

