W3C home > Mailing lists > Public > www-talk@w3.org > January to February 1996

apache and ssl/verisign

From: Gintaras Richard Gircys (GG148) <Rich.Gircys@empac.com>
Date: Fri, 26 Jan 1996 15:51:40 -0800
Message-Id: <199601262351.XAA16840@kitty.oester.com>
Cc: www-talk@w3.org
To: Matthew James Marnell <marnellm@portia.portia.com>
> :>There are also SLL versions of Apache available.
> 
> Wouldn't put too much credence in that.  Yes, there is an SSL
> version, I paid the $495 for it, but those *@#$&*@#$% over at
> VeriSign will not sign certificates for it.  The sales drone
> on the phone said they couldn't do anything with Apache until
> someone in charge of marketing at Apache called so they could
> work out the marketing details.  The funny thing is that Apacke

this isn't quite accurate. anyone can work with verisign to have their
web server certified by verisign - think part of the problem with
apache is that they use rsaref and not bsafe the commercial product.

so bottom line is that apache hasn't convinced veisign of their server's
integrity according to verisign standards.

> is a free implementation WWW server.  It's just a bunch of
> great guys that write it in their spare time, there is no marketing
> dept.  Anyway, either VeriSign needs to smarten up, or there
> needs to be some other signing agency.  I wasn't aware until
> all this happened that VeriSign was a part of RSA, Inc.
> 
verisign is not part of rsa - they are rsa business partners - anyone
with a few bucks can become an rsa business partner. there are many rsa
business partners.

verisign does not have to smarten up - they seem to be working towards setting
up a real bona fide security system - it does cost bucks.

what is needed is a signing authority with less stringent requirements, and 
users being aware of the consequences. it simple choice based on what you pay 
for.

yes, another signing auth is needed - maybe verisign will offer levels of
certified security, but what is currently being done by verisign is correct
vis-a-vis any number of security issues/requirements.

have fun,

rich
Received on Friday, 26 January 1996 18:51:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:19 GMT