IP: SSL Certificate "Monopoly" Bears Financial Fruit
David Howe
DaveHowe at gmx.co.uk
Thu Jul 11 05:21:31 PDT 2002
jamesd at echeque.com <jamesd at echeque.com> was seen to declaim:
> IE comes preloaded with about 34 root certificate authorities, and
> it is easy for the end user to add more, to add more in batches.
> Anyone can coerce open SSL to generate any certificates he
> pleases, with some work.
> Why is not someone else issuing certificates?
Mostly because of the alarming things IE/NS/Whatever says if you haven't
already got the root cert in your browser when you visit a site relying
on a "homebrewed" cert. Certainly some time ago, the OpenCA project were
giving away ssl certs for free to all comers; the software they produced
is open source (and at sourceforge) so anyone could open their own CA
with whatever authentication criteria they wish (and indeed, the owner
of news.securecomp.org (nntp) is in the early stages of a X509-based CA
on a hierachical but distributed model (ie, regional CAs you can apply
personally to with proof of ID)
Doesn't help much when the sheeple won't trust anything that doesn't
come pre-installed by microsoft though.
More information about the cypherpunks-legacy
mailing list