IP: SSL Certificate "Monopoly" Bears Financial Fruit

[Jay Sulzberger]

On Wed, 10 Jul 2002 jamesd at echeque.com wrote:

>     --
> On 6 Jul 2002 at 9:33, R. A. Hettinga wrote:
> > Thawte has now announced a round of major price increases.  New
> > cert prices appear to have almost doubled, and renewals have
> > increased more than 50%. While Thawte proclaims this is their
> > first price increase in five years, this comes at a time when we
> > should be seeing *increased* competition and *lower* prices for
> > such virtual products, not such price increases.  But of course,
> > in an effective monopoly environment, it's your way or the
> > highway, so this should have been entirely expected.
>
> IE comes preloaded with about 34 root certificate authorities, and
> it is easy for the end user to add more, to add more in batches.
> Anyone can coerce open SSL to generate any certificates he
> pleases, with some work.
>
> Why is not someone else issuing certificates?
>
>     --digsig
>          James A. Donald

Because the buyers of certificates have a different model of what they are
buying.  They neither know, nor can they care, because they do not know,
about the subtle "protocols" published over the last twenty-five years that
supposedly, if executed carefully, provide certain "guarantees".  No.  The
customers know that to get stuff they want, such as permission to put the
label "Your credit card information is secure.  We use Thawte Certificates,
Thawte, the Guarantor, your Rock of Assurance." on their PAY HERE NOW web
page, they must buy a certificate from Thawte, and not from Captain Gull
Enterprises, Division of Certificates.  The customer knows that crypto is
subtle, and only a well known large corporation can be trusted.  After all,
they have the resources, and the name, and if you do not use them, and
something goes wrong, well perhaps a canny lawyer might be able to show
that you were not using the industry standard, which might lose you the
case.

oo--JS.