Web of trust

Peter T. Abplanalp pta@psaconsultants.com
Wed Jun 5 16:40:03 2002

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 05, 2002 at 08:37:52AM -0500, David T-G wrote:

> The WoT should continue to increase, just as it has for years.  The
> problem is simply balancing the level of your need for verification with
> the cost of doing so.  That's a reason some folks like a central
> authority like VeriSign; it's easy to trust them, and then you can trust
> anyone who bought one of their certificates.  Others still favor the
> pgp/gpg "peer to peer" approach, you might call it.

on the topic of verisign, i for one, don't trust them any farther than
i could throw them and the fact that companies like this have the
e-commerce certificate market cornered really peeves me.  as i
understand it, i can generate an ssl key sign request cert, put it in
on their web site and bingo, i get my cert signed.  what kind of check
did verisign perform?  who knows and that is the point.  and yet they
feel they can charge money for this "service."  i'm tempted to create
my own ca, sign my own cert, explain to people why their browser
complains and see if people would trust my ca any more or less than a
"trusted" (read known) ca by installing my ca cert in their browser.
then i could start to charge other people :-) if it wasn't for all the
baloney state governments make ca's go through to be "certified"  none
of which seems to be centered on actually making verisign and their
ilk check on entities requesting signing but more on record keeping.

Peter Abplanalp

Email:   pta@psaconsultants.com
PGP:     pgp.mit.edu

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org