[Discuss] free certs everywhere

Richard Pieri richard.pieri at gmail.com
Tue Dec 23 10:30:14 EST 2014


On 12/22/2014 10:43 PM, Tom Metro wrote:
> Probably a big reason this never happened is that when CAs were being
> established, all that existed were basic certs. The extended validation
> certs and other value-added services were only thought up later. Once
> the industry was established, hard to correct for that lost opportunity.

You have it backwards. The early certificate authorities like Thawte 
were all about identity verification. X.509 is not an encryption system; 
it uses encryption as a mechanism to prove identity. Getting a "public" 
certificate -- that is, a certificate from a CA in Netscape's trust 
storage -- back then was expensive and time-consuming since the handful 
of extant CAs bothered with things like background checks to ensure that 
certificate requests were valid. A CA didn't get listed in Netscape's 
trust storage if it didn't. The proliferation of cheap, minimally 
verified or unverified certificates is a product of the dot-com bubble 
which came several years later.

-- 
Rich P.


