Join The Revolution!

When buying a newspaper, for what exactly are you paying? For the paper or the content within the paper?

Well, if it would be for the paper, you could probably read last years newspaper much cheaper. Or perhaps you could save yourself the hassle and simply read the toilet paper in the morning instead, it wouldn’t make such a difference, right?

But of course you pay for the content within the paper in order to read about the latest breaking news. The cost of the paper is really insignificant, in the best case the paper is eventually collected and bought back by the paper industry for a few dollars per ton, then recycled. The real value of interest is indeed the content only.

So why does the majority of public certification authorities behave as if they are in the digital paper industry? And why are you willing to pay for the digital paper of SSL certificates substantial sums, when in fact you are only interested in its content? Why not pay only for its real value contained within the certificate?

To be continued…

• Leave a comment...

Securing internal networks of enterprises is a very important task - for that matter any Intranet is. Today, the threats are manifold and are coming from various directions, being it through the corporate firewalls, VPN gateways, WiFi access points, compromised computers and laptops or employees and third party contractors, to mention only the most obvious. As Mr. Tom Albertson from Microsoft recently noted to me, security of any network shouldn’t be predicated on keeping the bad guys out - they are already there.

Many corporations rely on digital certificates issued by the public certification authorities to secure the point-to-point connections of their network. Unfortunately most public authorities are willing to sell “snake-oil” to those enterprise establishments instead of real security, mainly because the corporate managements request and ask for it. How come, the dear reader might ask, and what is this snake-oil made of?

• Continue reading or Leave a comment...

Mozilla is beating the drum for an Open Web at their new project page “Drumbeat“. Mitchell Baker, the Chair of the Mozilla Foundation has been regularly blogging about a more Open Web and what it might mean for us. There is lots of talk about openness, decentralization, freedom and public resources of the public Internet, but I’ve seen very little about security, privacy and how the lack thereof might affect The Web far more than anything else - negatively of course.

• Continue reading or Leave a comment...

In my capacity it’s my job to counter a few baseless claims which some use in order to try to spread Fear, Uncertainty and Doubt (FUD) regarding the digital certificates which StartCom issues for free without charge. This is a response to Sebastián Bortnik, David Harley and Dan Raywood regarding their articles I found recently on the web.

First of all I must note that I basically agree with the two former reporters that SSL secured web sites and their digital certificates don’t say anything about the trustworthiness and intend of the web site operator. I have been saying the same for a long time already, this isn’t news. Even the Extended Validation certificates, which StartCom also issues, can’t provide any guaranties about the intentions or even if the organization will be around tomorrow (think Lehman Brothers).

• Continue reading or Leave a comment...

All those superlatives reflect really what the StartCom Certificate Authority really tries to present and deliver to its subscribers. Considering that StartCom provides legitimate, renewable digital SSL certificates with a validity period of one year free of charge, it’s hard to argue that it can get any cheaper. We don’t have to argue - they have the right price and thousands are making use of this service.

• Continue reading or Leave a comment...