nanog mailing list archives
Re: Verisign CRL single point of failure
From: "Jeff Shultz" <jeffshultz () wvi com>
Date: Fri, 9 Jan 2004 08:55:52 -0800
** Reply to message from "Stephen J. Wilcox" <steve () telecomplete co uk> on Fri, 9 Jan 2004 13:20:18 +0000 (GMT)
The consolidation of network power in a single company creates its own threat to the critical infrastructure when a single certificate expires instead of being randomly distributed among several different organizations.I'm not sure whats involved in getting your own root certs added to browser/OS distributions but theres nothing afaik that says Verisign is the sole company providing this, presumably anyone else can agree with MS/whoever to have their root certs added.. ?
I'm looking at the Certificate Authorities in my copy of Mozilla 1.5. I don't think I've added any, but these are the ones that are there: ABA.ECOM, Inc AOL Time Warner Inc. AddTrust AB America Online Inc. Baltimore Digital Signature Trust Co. Entrust.net Equifax Equifax Secure Equifax Secure Inc. GTE Corporation GeoTrust Inc. GlobalSign nv-sa RSA Data Security, Inc. RSA Security Inc TC TrustCenter for Security in Data Networking Thawte Thawte Consulting Thawte Consulting cc The USERTRUST Network VISA ValiCert, Inc. VeriSign, Inc. beTrusted And in IE 6.0 there seem to be about an equal number, many of them the same. So there appear to be alternatives to VeriSign (why is it that most of these companies have two capitals in their names?). I do remember seeing someone elsewhere complaining that he'd been trying to get his root cert added to Mozilla for two years now, so it may not be all that simple. -- Jeff Shultz Loose nut behind the wheel.
Current thread:
- Verisign CRL single point of failure Sean Donelan (Jan 08)
- Re: Verisign CRL single point of failure Scott Weeks (Jan 08)
- Re: Verisign CRL single point of failure Stephen J. Wilcox (Jan 09)
- Re: Verisign CRL single point of failure Jeff Shultz (Jan 09)
- Re: Verisign CRL single point of failure Sean Donelan (Jan 09)
- Re: Verisign CRL single point of failure Sean Donelan (Jan 09)
- Re: Verisign CRL single point of failure Jeff Shultz (Jan 09)