Re: Verisign acquisition of Thawte

[Bill Michaelson]

> As far as liability being a show stopper, I agree with Ben that it's not.
> "Not for profit" doesn't mean free, it just means "at cost".  The cost of
> managing the liability can be passed on to customers like everything else.

I've long believed that acceptance of liability by CA's is what would truly
make certificates meaningful in a practical sense.  I'd rather have a
certificate with (fidelity?) insurance from Lloyd's or Citigroup than
what Verisign offers, and it's really what irks me about the cost.

Essentially I pay a substantial fee to have them look at my corporate
records!  What's that really worth to my clients?  They get an assurance
that my site represents a corporation - which means *limited* liability!
That's irony.

Of course, this all assumes that the server harboring my certificate is
secure from break-in, another highly problematic aspect of this.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]