nanog mailing list archives
Re: Verisign CRL single point of failure
From: Sean Donelan <sean () donelan com>
Date: Fri, 9 Jan 2004 12:25:01 -0500 (EST)
On Fri, 9 Jan 2004, Jeff Shultz wrote:
So there appear to be alternatives to VeriSign (why is it that most of these companies have two capitals in their names?). I do remember seeing someone elsewhere complaining that he'd been trying to get his root cert added to Mozilla for two years now, so it may not be all that simple.
Yep, and several Universities have their own root certificates their campus users can add to their local browsers independent of other CA's. Nevertheless, several SSL surveys say Verisign (and Verisign controlled companies) control a super-majority of the certificates actively in use on the Internet. So if you are a critical infrastructure planner, you need to balance whether you use the domainant market player or several different CA's, or try to be your own CA. You may even want to obtain certificates from two different CA's in case one of them fails.
Current thread:
- Verisign CRL single point of failure Sean Donelan (Jan 08)
- Re: Verisign CRL single point of failure Scott Weeks (Jan 08)
- Re: Verisign CRL single point of failure Stephen J. Wilcox (Jan 09)
- Re: Verisign CRL single point of failure Jeff Shultz (Jan 09)
- Re: Verisign CRL single point of failure Sean Donelan (Jan 09)
- Re: Verisign CRL single point of failure Sean Donelan (Jan 09)
- Re: Verisign CRL single point of failure Jeff Shultz (Jan 09)