jamesd@echeque.com writes:
On 6 Jul 2002 at 9:33, R. A. Hettinga wrote:
Thawte has now announced a round of major price increases. New cert prices appear to have almost doubled, and renewals have increased more than 50%. While Thawte proclaims this is their first price increase in five years, this comes at a time when we should be seeing *increased* competition and *lower* prices for such virtual products, not such price increases. But of course, in an effective monopoly environment, it's your way or the highway, so this should have been entirely expected.
IE comes preloaded with about 34 root certificate authorities, and it is easy for the end user to add more, to add more in batches. Anyone can coerce open SSL to generate any certificates he pleases, with some work.
Both Netscape 6 and MSIE 5 contain ~100 built-in, automatically-trusted CA certs. * Certs with 512-bit keys. * Certs with 40-year lifetimes. * Certs from organisations you've never heard of before ("Honest Joe's Used Cars and Certificates"). * Certs from CAs with unmaintained/moribund websites ("404.notfound.com"). These certs are what controls access to your machine (ActiveX, Java, install- on-demand, etc etc). * It takes 600-700 mouse clicks to disable these certs to leave only CAs you really trust. (The above information was taken from "A rant about SSL, oder: die grosse Sicherheitsillusion" by Matthias Bruestle, presented at the KNF-Kongress 2002).
Why is not someone else issuing certificates?
How many more do you need? Peter.