North American Network Operators Group

Re: Verisign CRL single point of failure

  • From: Sean Donelan
  • Date: Fri Jan 09 12:13:44 2004

On Fri, 9 Jan 2004, Stephen J. Wilcox wrote:
> I'm not sure what's involved in getting your own root certs added to browser/OS
> distributions but there's nothing afaik that says Verisign is the sole company
> providing this, presumably anyone else can agree with MS/whoever to have their
> root certs added.. ?

There is nothing that says everyone must use BIND software either.

Verisign frequently points out the risks of having critical infrastructure
distributed among several independent organizations, and how it would be
much better if a single company (i.e. Verisign) controlled it.  But when
95% of the market depends on a single organization, even normal problems
are magnified.  Certificates normally expire, software normally has bugs,
operators normally make mistakes.  When those normal things happen, if
the organization controls almost all of the market, mistakes impact almost
all of the market.