httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sameer <>
Subject Re: Sioux (good grief...)
Date Wed, 27 Mar 1996 05:36:23 GMT
> I'd think so too.  I'd think Verisign would place *greater* trust in 
> software whose source code was public, and thus easily scrutinizable, 
> over code whose source was restricted.  They've already signed certs for 
> one server whose code is public.

	Yes, one would think that VeriSign, who tries to sell
themselves as the source of trust on the net, would be reasonable
about trusting available source products. One would be wrong, though.

	Actually, they only agreeed to sign certs for my apache-ssl
after I agreed to not ship SSLeay source with the product. So your
statement about "one server whose code is public" is correct insofar
as the code I use is easily available from ftp from australia, but I
don't ship the source with the product...

	VeriSign and sensible action don't fit well in the same

	(Uh, these comments are -private-.. I don't think VeriSign
would be happy if i badmouth them in public anymore, and may decide to
screw me over. Thanks.)

Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376 (or login as "guest")

View raw message