'RE: [load balancing] Question about Wildcard certificates, DNS CN'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       loadbalancing-l
Subject:    RE: [load balancing] Question about Wildcard certificates, DNS CN
From:       Alex Moore <almoore () verio ! net>
Date:       2002-12-19 22:07:03
[Download RAW message or body]

Shawn,

aaaah.  I hadn't actually considered it from that perspective, the other
emails on this subject since have also been interesting.  And I agree
with you that there is doubtful any way to enforce the purchasing of
licenses for all backend servers when using an acceleration device,
especially when the communication that occurs is non-ssl or self signed.

Of course all this talk of them changing their restrictions in order to
sustain revenue brings up the topic of why do we trust these companies
anyway?  The only reason is that they have managed to get their names
into all the browsers by default.  They are purely commercially
orientated companies, sure they may be big, but as we have seen from
financial scandals like Enron, big is not always trustworthy.

Some interesting reading is the Verisign Relying Party Agreement, which
states that "YOU ARE SOLELY RESPONSIBLE FOR DECIDING WHETHER OR NOT TO
RELY ON THE INFORMATION IN A CERTIFICATE", this and other interesting
reading is here:

http://www.verisign.com/repository/

The problem is that installing common browsers means you have and trust
these CA root certificates by default (whether you personally trust them
or not), obviously you can opt out, and no doubt MS/Netscape etc EULAs
excuse them of any wrong doings...but still...why should I trust
Verisign?

An interesting discussion the the legal aspects of CAs and Certs
(including a small section on actually trusting them) is here:

http://www.ilpf.org/groups/ca/app4.htm

-Alex Moore (getting off topic :))


On Wed, 2002-12-18 at 16:53, shawn@nunleys.com wrote:
> Alex,
> 
> The legality is proscribed by the usage agreement that you accept when you 
> begin using the certificate.  This agreement is located at:
> 
> http://www.verisign.com/repository/agreements/secureSite.html

Privileged/confidential information may be contained within this 
communication. If you are not the intended recipient of this 
communication, please destroy it without copying, disclosing or 
otherwise using its contents and please promptly advise the sender.
Any views or opinions expressed are solely those of the author and
do not necessarily represent those of NTT/VERIO. Thank you. 

____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic