At 5:45 PM +0000 2/4/05, Dave Green wrote: > mmm, petits filous > > Everyone else likes to worry about Google's gathering > conflict of interests, but Verisign's S.P.E.C.T.R.E.-level > skills still take some beating. This week, orbiting crypto > analysts Ian Grigg and Adam Shostock belatedly pointed out > to ICANN that perhaps Verisign couldn't trusted with > .net. Why? Well, Verisign these days offers both top level > domains and SSL certificate authentication. They also, with > their NetDiscovery service - sell ISPs a complete service for > complying with law enforcement surveillance orders. So, if an > American court demands an ISP wiretap its customers, and the > ISP turns that order over to Verisign to do the dirty: well, > Verisign can now fake any domain you want, and issue any > temporary fake certificate, allowing even SSLed > communications to be monitored. What's even more fun is that > they are - at least in the US - now moving into providing > infrastructure for mobile telephony. Yes, NOT EVEN YOUR > RINGTONES ARE SAFE. > http://forum.icann.org/lists/net-rfp-verisign/msg00008.html > - you know, this is probably a little late > http://iang.org/ssl/ > - but then, this is the year of the snail > http://www.thefeature.com/article?articleid=101334&ref=5459267 > - stupid network vs stupider company
-- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'