- From: Gintaras Richard Gircys (GG148) <Rich.Gircys@empac.com>
- Date: Fri, 26 Jan 1996 15:51:40 -0800
- To: Matthew James Marnell <marnellm@portia.portia.com>
- Cc: www-talk@w3.org
> :>There are also SLL versions of Apache available. > > Wouldn't put too much credence in that. Yes, there is an SSL > version, I paid the $495 for it, but those *@#$&*@#$% over at > VeriSign will not sign certificates for it. The sales drone > on the phone said they couldn't do anything with Apache until > someone in charge of marketing at Apache called so they could > work out the marketing details. The funny thing is that Apacke this isn't quite accurate. anyone can work with verisign to have their web server certified by verisign - think part of the problem with apache is that they use rsaref and not bsafe the commercial product. so bottom line is that apache hasn't convinced veisign of their server's integrity according to verisign standards. > is a free implementation WWW server. It's just a bunch of > great guys that write it in their spare time, there is no marketing > dept. Anyway, either VeriSign needs to smarten up, or there > needs to be some other signing agency. I wasn't aware until > all this happened that VeriSign was a part of RSA, Inc. > verisign is not part of rsa - they are rsa business partners - anyone with a few bucks can become an rsa business partner. there are many rsa business partners. verisign does not have to smarten up - they seem to be working towards setting up a real bona fide security system - it does cost bucks. what is needed is a signing authority with less stringent requirements, and users being aware of the consequences. it simple choice based on what you pay for. yes, another signing auth is needed - maybe verisign will offer levels of certified security, but what is currently being done by verisign is correct vis-a-vis any number of security issues/requirements. have fun, rich
Received on Friday, 26 January 1996 18:51:44 UTC