((( Financial Cryptography Update: VeriSign and Conflicts of Interest )))
February 02, 2005
http://www.financialcryptography.com/mt/archives/000332.html
------------------------------------------------------------------------
Adam and I have written to ICANN on the VeriSign conflict of interest. ICANN - the Internet numbers and names authority - are in the throes of awarding the top level domain (TLD) of .net to an operator. Currently VeriSign holds this contract, but we are concerned about their conflict of interest with their NetDiscovery service which facilitates intercepts for law enforcement.
http://forum.icann.org/lists/net-rfp-verisign/msg00008.html
Effectively, as a certificate authority (CA), they could be asked to issue false certificates in your name and eavesdrop on your communications. All legally of course, as per court order or subpoena, but the issue arises that they are now serving two masters - the company on whom the order is served, and you the user.
http://en.wikipedia.org/wiki/Conflict_of_interest
Not only is that a conflict of interest, but it is a complete breach of the spirit of SSL's signed-certificate security architecture. As each CA is meant to be trusted - by you - this means they need to avoid such conflicts.
Personally, I can't see any way out of this one. Either VeriSign gives up the certificate authority and TLD business, or its NetDiscovery business, or it's the end of any use of the word trust in the trusted third party concept.
I'd encourage you all to dive over to the ICANN site and file comments.
VeriSign runs the domains, and issues half the net's secure certificates. It's also angling to be the net's intercept service. Enough is enough, let's spread these critical governance roles around a bit.
http://icann.org/tlds/net-rfp/net-rfp-public-comments.htm
-- News and views on what matters in finance+crypto: http://financialcryptography.com/