-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 13 August 2004 10:11 am, Mark C. Langston wrote:
I don't see how purchasing an ssl certificate has anything to do with
reputation. Reputation is based on observed behavior over time for a
given entity. That entity can be determined, observed, and routed
around (if necessary) without an SSL certificate.
The only benefit of buying an SSL certificate is money in Verisign's
pocket. This isn't a "Verisign is evil" rant. This is a "trying to
make a profit off reputation and/or trying to confer a good reputation
by spending money is an extremely poor idea" rant.
If you think spammers can't afford $300, you're mistaken.
SSL certificates have nothing to do with reputation. It has everything to do
with accreditation, however. Accreditation and reputation are the two next
steps.
When someone buys an SSL certificate from Verisign, they are providing more
information than what went in to the DNS purchase, plus they have basically
put a non-refundable bond up for $300 that they won't abuse their domain.
If they do go ahead and start spamming, then they are throwing the $300
away because the accreditation they bought will be overwhelmed by their
negative reputation. If we rely on valid SSL certificates as part of our
accreditation system, it will help raise the cost of spamming.
If you choose not to recognize the Verisign accreditation, or if you chose
to rate it *negatively* that is your choice. The same goes for public
reputation services.
- --
Jonathan M. Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBHPt6BFeYcclU5Q0RArUkAKDl1HiMYpWsGEZYZ5AtB1L9Mau7rACfVwzg
esaK4gxj2WehpB+RHBtNh/M=
=zdaa
-----END PGP SIGNATURE-----