[Top] [All Lists]

Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

2009-01-08 09:28:54

Jeffrey Hutzelman <jhutz(_at_)cmu(_dot_)edu> writes:

Note that charging a fee for this service is not absurd.  Lots of people
(consumers) pay fees for up-to-date lists of virus signatures, phishing
sites, spam-blocking rules, and so on.

Conceptually it's not absurd, but how are you going to persuade a billion-odd
users that they need to pay for something that they've been conditioned to get
for free?  Will you promise to indemnify them against identity theft (via
phishing) if they sign up to your service?  What value-add will you offer that
will convince the drool-and-click masses to pay for your service?