I realy have to wonder, after all this interesting exchange on WebCerts - if
they are actually of any value anyway? It would seem that there is just as
much validity in creating one's own Cert, and placing valid company details
in it. (https://www.inexpensivewebsites.com for an experiment - expired and
everything!) When it pops up on a customer - they can easily check if they
are that interested. They can even 'install' it - and never see the pop up
again.!!!
The other issue being the use of certs anyway? Big deal for encryption. Lots
of dollars changing hands with Cert companies, and 9.9 out of 10 customers
not having a clue anyway as to what it's all about.
and not least, the 'secure' transaction itself. It would seem to me that
there is more likelyhood of a fax with CC details on it going astray than a
transaction between a browser and a cgi/shopping cart in any case. If a
company server is so insecure that hackers can get in to grab the CC lists -
if they are silly enough to have such things in the first place - then no
amount of WebCerts is going to protect the customer. You'd have to be a
spook to be able to intercept a live transaction, so it's only the log trail
that hackers can grab under normal circumstances. Correct me if I'm wrong,
but it all seems like an exercise to make people feel good. and cert
companies wealthy. RSP's certainly don't get wealthy selling certs :-)
I saw somewhere that only about 2% of people purposely use the secure
service anyway, when there is a choice!
cheers
Robert
----- Original Message -----
From: "William X Walsh" <[EMAIL PROTECTED]>
To: "Lynn W. Taylor" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, August 23, 2001 6:38 AM
Subject: Re[2]: How do webcerts work with virtual hosts?
> Wednesday, Wednesday, August 22, 2001, 8:53:54 AM, Lynn W. Taylor wrote:
>
> > In my opinion "users don't care" isn't a reason to subvert the original
> > purpose.
>
> > Someday, it will come back to haunt us.
>
> I doubt it. The largest hosting services in the business have been
> using a single cert and providing "shared" ssl service to their
> customers in the form of
> https://servername.securesite.com/customername/
> for many many years (at least as far back as early 1996 that I can
> verify on the spur of the moment) and no dire consequences has
> happened. This is really no different, since the certificate holder
> is not in fact the merchant or site operator.
>
> You will note that all of the CAs specifically disclaim any
> legal responsibility for verifying the identity of the certificate
> holder. Not a single one backs up their certificates with any kind of
> a guarantee on the identity of the certificate holder.
>
>
> --
> Best regards,
> William X Walsh <[EMAIL PROTECTED]>
> Userfriendly.com Domains
> The most advanced domain lookup tool on the net
> DNS Services from $1.65/mo
>
>
