On 09.09.2002 at 9:35 pm -0400, [EMAIL PROTECTED] wrote: (quoted in full since this was probably destined for the list, not just to me):
>Well, you have Microsoft and Verisign with vested interests in you not doing >that so good luck. > >Basically it's an extorsion racket for end users not to get those (scary) >popup messages that play on their fears of Internet security. Internet >Explorer has come to completely dominate the browser (and I do admit that it >is better than any other option currently available) so the bully on the >block is pretty much entrenched. At least with Tucows entering the picture >on the certs there is (a little) more choice involved but overall the picture >sucks big time. I agree with you regarding IE's dominance and ability. However... I'm running IE 5.2.1 (Mac OS X), and in my prefs -> security - > certificates list, I count about 8 dozen certificates provided by default. By manual inspection, there appear to be about THREE DOZEN DISTINCT ORGANIZATIONS represented among those certificate authorities. Is Microsoft in collusion with these dozens of organizations in order to facilitate an old boys' club of bilking every secure site on the Internet? Frankly, the thing that amazes me most about this is that nobody has raised a stink before. Or at least, one stinky or pervasive enough that I've read about. Certainly nothing that 99% of the browser-using public is remotely aware of. Why does nobody seem to care; do the millions of https-based secure web site operators in the world not have a collective voice large enough? I suppose it's easier just to fork over the cash? Given that https has been around for I-don't-know-how-long, why is there no Free solution to this problem? Certainly there is no technical limitation here, only politico-economic. -ben -- Ben Kennedy, chief magician zygoat creative technical services 613-228-3392 | 1-866-466-4628 http://www.zygoat.ca
