
Re: Would you like to join us in co - promoting your Linux solutions



Suresh Ramasubramanian spewed into the ether:
>> security - present me your Verisign certificate or I won't accept 
>> mail from you :)
Hmmm, I don't think I will trust Verisign. Definitely not after they issued Microsoft certificates to two pretenders.
 
> Verisign???? Aren't there any gpl'd certificates?  [sure, get openssl and roll
> your own certificate ... but still ...]
Unhappily, nope. Getting a certificate means that the trusted third
party has to verify who you are, and that costs money.

Actually, I was thinking of a PGP-like scheme for site certificates
also.
The scheme goes: one site checks out that another site has security policies in place, that they are followed, that it is checked regularly for
vulnerabilities, and that the privacy policy is actually followed
(unlike Thawte, which merely verifies that such a policy exists).

Since this should all be part of a normal security policy, no additional expenditure should be required to get a key (just a cert from your security auditor, which will be a prerequisite to get the
key).

Sure, it would hurt most browsers out there, but I don't care :)
I do prefer being able to check on the sites that I visit, and the amount of trust I put in them.
Nothing in the current scenario allows me to do that.

Devdas Bhagat


