At 5:45 PM +0000 2/4/05, Dave Green wrote:

mmm, petits filous

Everyone else likes to worry about Google's gathering conflict of interests, but Verisign's S.P.E.C.T.R.E.-level skills still take some beating. This week, orbiting crypto analysts Ian Grigg and Adam Shostock belatedly pointed out to ICANN that perhaps Verisign couldn't trusted with .net. Why? Well, Verisign these days offers both top level domains and SSL certificate authentication. They also, with their NetDiscovery service - sell ISPs a complete service for complying with law enforcement surveillance orders. So, if an American court demands an ISP wiretap its customers, and the ISP turns that order over to Verisign to do the dirty: well, Verisign can now fake any domain you want, and issue any temporary fake certificate, allowing even SSLed communications to be monitored. What's even more fun is that they are - at least in the US - now moving into providing infrastructure for mobile telephony. Yes, NOT EVEN YOUR RINGTONES ARE SAFE. http://forum.icann.org/lists/net-rfp-verisign/msg00008.html - you know, this is probably a little late http://iang.org/ssl/ - but then, this is the year of the snail http://www.thefeature.com/article?articleid=101334&ref=5459267 - stupid network vs stupider company

-- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'