>
> As to whether people actually use it...I dunno, but using an invalid cert
> and generating that popup...that I think is a huge mistake...make it
simple
> for the user, cert or not...explaining away that obnoxious "unknown" cert
> popup...thats not something I want to do. For a first time customer, that
> just looks tacky!
Which is why I don't use it. :-)
and also why I started this thread in the first place - trying to discover
what I need to do to validate a site. Which I have long since found out :-)
cheers
Robert
>
> -bryanw
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Robert
> Sent: Wednesday, August 22, 2001 3:59 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Re[2]: How do webcerts work with virtual hosts?
>
>
> I realy have to wonder, after all this interesting exchange on WebCerts -
if
> they are actually of any value anyway? It would seem that there is just as
> much validity in creating one's own Cert, and placing valid company
details
> in it. (https://www.inexpensivewebsites.com for an experiment - expired
and
> everything!) When it pops up on a customer - they can easily check if they
> are that interested. They can even 'install' it - and never see the pop up
> again.!!!
> The other issue being the use of certs anyway? Big deal for encryption.
Lots
> of dollars changing hands with Cert companies, and 9.9 out of 10 customers
> not having a clue anyway as to what it's all about.
> and not least, the 'secure' transaction itself. It would seem to me that
> there is more likelyhood of a fax with CC details on it going astray than
a
> transaction between a browser and a cgi/shopping cart in any case. If a
> company server is so insecure that hackers can get in to grab the CC
lists -
> if they are silly enough to have such things in the first place - then no
> amount of WebCerts is going to protect the customer. You'd have to be a
> spook to be able to intercept a live transaction, so it's only the log
trail
> that hackers can grab under normal circumstances. Correct me if I'm wrong,
> but it all seems like an exercise to make people feel good. and cert
> companies wealthy. RSP's certainly don't get wealthy selling certs :-)
> I saw somewhere that only about 2% of people purposely use the secure
> service anyway, when there is a choice!
>
> cheers
> Robert
>
>
>
>
> ----- Original Message -----
> From: "William X Walsh" <[EMAIL PROTECTED]>
> To: "Lynn W. Taylor" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, August 23, 2001 6:38 AM
> Subject: Re[2]: How do webcerts work with virtual hosts?
>
>
> > Wednesday, Wednesday, August 22, 2001, 8:53:54 AM, Lynn W. Taylor wrote:
> >
> > > In my opinion "users don't care" isn't a reason to subvert the
original
> > > purpose.
> >
> > > Someday, it will come back to haunt us.
> >
> > I doubt it. The largest hosting services in the business have been
> > using a single cert and providing "shared" ssl service to their
> > customers in the form of
> > https://servername.securesite.com/customername/
> > for many many years (at least as far back as early 1996 that I can
> > verify on the spur of the moment) and no dire consequences has
> > happened. This is really no different, since the certificate holder
> > is not in fact the merchant or site operator.
> >
> > You will note that all of the CAs specifically disclaim any
> > legal responsibility for verifying the identity of the certificate
> > holder. Not a single one backs up their certificates with any kind of
> > a guarantee on the identity of the certificate holder.
> >
> >
> > --
> > Best regards,
> > William X Walsh <[EMAIL PROTECTED]>
> > Userfriendly.com Domains
> > The most advanced domain lookup tool on the net
> > DNS Services from $1.65/mo
> >
> >
>
>
>
