On 5/19/05, Ian G <[EMAIL PROTECTED]> wrote: > On Friday 20 May 2005 00:33, Ram A Moskovitz wrote: > > > Perhaps. We are dealing with a hypothetical and > > > we can only conjecture as to how this would unfold. > > > It may be that Verisign would fight it, but as they > > > have much more revenue from the federal government > > > I personally would bet that they wouldn't fight it. > > > > You have data that shows VeriSign makes more money of the US Fed than > > off the commercial sector? I believe that is false; citation please. > > Well, you may be right. That's why I said conjecture, > and that I would personally bet that they wouldn't > fight. > > As to your comment above about the commercial > sector, I didn't comment on it but I can see that might > be taken to be what it meant. What I should have > said is that as Verisign makes much more revenue > from the federal government than from the intended > victim of a substitute cert attack, then they are > unlikely to fight it. > > If you need a cite on that, check "agency theory."
You have repeatedly argued that the value of brand and reputation plays into a CA's behavior. Here you are saying that a CA would toss its reputation to keep one of it's small (revenue size) customers happy. > > > Also, > > > if one is to look at the location, board, and interlinkings, > > > it has often been commented that Verisign is one of the > > > closest organisations, along with Oracle by way of > > > example. > > > > I believe that is false; citation please. > > I had it in my mind that Verisign was headquartered > in Washington area, maybe I was thinking of one of > the acquisitions. Was Network Solutions HQ'd there? VeriSign HQ is in beautiful Mountain View, California with offices in many countries. In any case I disagree with your conjecture that physical proximity is a good indication of trust or friendship. > > > > > > In any case I > > > > > > think you would go along with any legitimate request made by a > > > > > > legitimate government authority; I would. > > > > > > > > > > I think Duane is in Australia. > > > > > > > > And so being an upstanding Australian citizen or resident I expect he > > > > "would go along with any legitimate request made by a legitimate > > > > government authority" > > > > > > OK, so just FYI, that is an approach that > > > would not work so well outside the US, as > > > you can perhaps see from Duane's response. > > > > My intended meaning of "legitimate" request was a reference to > > appropriate - the point being to exclude cases of inappropriate or > > unethical requests. > > OK, just so there's no misunderstanding here, > such a request could cause tempers to be > inflamed, as you are telling the person that > your view of "legitimate" is the one that they > need to accept. Actually I said the opposite. My point was that if Duane judged by *his* values that a request was appropriate that he would help out. > This is a cultural thing, I think. Different > countries have very different attitutes as to > how things are couched and what negotiating > techniques are valid and what are rude. My working assumption is that one develops a reputation based on their behavior and that repuation helps overcome cultural gaps - we've talked about that before Ian ;) Duane - my sincerest apologies to you if I have offended you, it was never my intent. > (The precise technique is a win-lose negotiating > technique and I don't know its technical name.) I am well equiped for non-civilized discourse, I'm not sure I've ever been in a situation that warranted it, although in my youth there were times I felt differently ;) have a nice weekend, ram _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
