North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Verisign CRL single point of failure
On Fri, 9 Jan 2004, Jeff Shultz wrote: > So there appear to be alternatives to VeriSign (why is it that most of > these companies have two capitals in their names?). I do remember > seeing someone elsewhere complaining that he'd been trying to get his > root cert added to Mozilla for two years now, so it may not be all that > simple. Yep, and several Universities have their own root certificates their campus users can add to their local browsers independent of other CA's. Nevertheless, several SSL surveys say Verisign (and Verisign controlled companies) control a super-majority of the certificates actively in use on the Internet. So if you are a critical infrastructure planner, you need to balance whether you use the domainant market player or several different CA's, or try to be your own CA. You may even want to obtain certificates from two different CA's in case one of them fails.