[11104] in cryptography@c2.net mail archive
Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit
daemon@ATHENA.MIT.EDU (Adam Shostack)
Fri Jul 12 15:03:54 2002
Date: Fri, 12 Jul 2002 14:37:06 -0400
From: Adam Shostack <adam@homeport.org>
To: "Trei, Peter" <ptrei@rsasecurity.com>
Cc: cryptography@wasabisystems.com, cypherpunks@lne.com,
'Lucky Green' <shamrock@cypherpunks.to>
In-Reply-To: <F504A8CEE925D411AF4A00508B8BE90A041BAD11@exna07.securitydynamics.com>; from ptrei@rsasecurity.com on Fri, Jul 12, 2002 at 11:18:12AM -0400
On Fri, Jul 12, 2002 at 11:18:12AM -0400, Trei, Peter wrote:
| > I'd rather not state the exact figures. A search of SEC filings may or
| > may not turn up further details.
| >
| > > And who actually owns these numerous trusted roots?
| >
| > I am not sure I understand the question.
| >
| > --Lucky
| >
| I think I do. A 'second hand' root key seems to have some
| trust issues - the thing you are buying is the private half
| of a public key pair .... but that's just a piece of information.
| How can you be sure that, as purchaser, you are the *only*
| possessor of the key, and no one else has another copy (the
| seller, for example)?
Who cares? If I can get a key thats in the main browsers for 90% off,
who cares if other people have it?
I understand that getting the public half of the 2 main browsers will
run you about $250k in fees, plus all the setup work. If I can buy a
slightly used Ncipher box whose public key bits are in the browsers
for a 10th to a 5th of that, the extra copies of the bits aren't all
that worrisome to me.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
