[EMAIL PROTECTED] writes:

>On 6 Jul 2002 at 9:33, R. A. Hettinga wrote:
>>Thawte has now announced a round of major price increases. New
>>cert prices appear to have almost doubled, and renewals have
>>increased more than 50%. While Thawte proclaims this is their
>>first price increase in five years, this comes at a time when we
>>should be seeing *increased* competition and *lower* prices for
>>such virtual products, not such price increases. But of course,
>>in an effective monopoly environment, it's your way or the
>>highway, so this should have been entirely expected.
>
>IE comes preloaded with about 34 root certificate authorities, and it is easy
>for the end user to add more, to add more in batches. Anyone can coerce open
>SSL to generate any certificates he pleases, with some work.

Both Netscape 6 and MSIE 5 contain ~100 built-in, automatically-trusted CA
certs.

* Certs with 512-bit keys.

* Certs with 40-year lifetimes.

* Certs from organisations you've never heard of before ("Honest Joe's Used
  Cars and Certificates").

* Certs from CAs with unmaintained/moribund websites ("404.notfound.com").

These certs are what controls access to your machine (ActiveX, Java,
install-on-demand, etc etc).

* It takes 600-700 mouse clicks to disable these certs to leave only CAs you
  really trust.

(The above information was taken from "A rant about SSL, oder: die grosse
Sicherheitsillusion" by Matthias Bruestle, presented at the KNF-Kongress
2002).

>Why is not someone else issuing certificates?

How many more do you need?

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]