Web of trust
Peter T. Abplanalp
pta@psaconsultants.com
Wed Jun 5 16:40:03 2002
--3V7upXqbjpZ4EhLz
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Jun 05, 2002 at 08:37:52AM -0500, David T-G wrote:
> The WoT should continue to increase, just as it has for years. The
> problem is simply balancing the level of your need for verification with
> the cost of doing so. That's a reason some folks like a central
> authority like VeriSign; it's easy to trust them, and then you can trust
> anyone who bought one of their certificates. Others still favor the
> pgp/gpg "peer to peer" approach, you might call it.
on the topic of verisign, i for one, don't trust them any farther than
i could throw them and the fact that companies like this have the
e-commerce certificate market cornered really peeves me. as i
understand it, i can generate an ssl key sign request cert, put it in
on their web site and bingo, i get my cert signed. what kind of check
did verisign perform? who knows and that is the point. and yet they
feel they can charge money for this "service." i'm tempted to create
my own ca, sign my own cert, explain to people why their browser
complains and see if people would trust my ca any more or less than a
"trusted" (read known) ca by installing my ca cert in their browser.
then i could start to charge other people :-) if it wasn't for all the
baloney state governments make ca's go through to be "certified" none
of which seems to be centered on actually making verisign and their
ilk check on entities requesting signing but more on record keeping.
--=20
Peter Abplanalp
Email: pta@psaconsultants.com
PGP: pgp.mit.edu
--3V7upXqbjpZ4EhLz
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8/iMTggA8sH0iRXQRAi2sAJ9isBkcDVM4K0S8R3FU/IBTe0J3mACgh9TL
zn/4lnowsLXJG/1rVvJbxzA=
=vpyd
-----END PGP SIGNATURE-----
--3V7upXqbjpZ4EhLz--