From the Netscape home page:
"Netscape also announced FastTrack Server 2.0, an entry-level Web server that combines all the new capabilities of the next-generation Netscape Servers into one easy-to-use package. FastTrack comes with SSL security, Java and JavaScript support, and Netscape Navigator Gold content-creation software - for only $295." There are two reactions we can have to this. On the one hand, it's a good thing because it's going to make SSL servers a lot more popular. But at the same time, it raises some serious questoins about how Netscape plans on dealing with competitors. It's not clear whether or not the $295 price tag includes a certificate or not. But is it coincidental that people who want to use alternative technology like apacheSSL will have to pay the same price for the cert along as Netscape's customers will have to pay for a plug and play package? (The rest of this post is based on the assumption that you do get a cert with the "fast-track" server. That's not clear, so if I'm wrong, I apologize to the folks at Netscape.) There are two things keeping an organization like c2.org from competitng with Netcape on price: verisign and the licensing fees on rsaref. Both companies have close ties to Netscape. It's imperative that we challenge Netscape's control over the CAs. Obviously they can preinstall whatever CAs they want in their browsers. But that doesn't mean we're powerless. I think we ought to: (1) form a new non-profit low cost CA (2) make a concerted effort to explain the issue to the public and encourage people to ok the new CA. (3) try to create a sense that using a preinstalled CA is a form a collaboration (this will be hard, but I think it's true). If enough people will use a new CA, then it will be as good as one of the pre-installed ones. We can't let this sort of power concentrate in Netscape's hands. It's not a question of whether or not they're good people. It's just a bad development for everyone. -- Alex Strasheim, alex@proust.suba.com