jp10558
Premium
join:2005-06-24
Willseyville, NY

reply to Mele20
Re: Comodo Continues to Damage It's Reputation

said by Mele20:

I don't get your point. As a user, I want to know if the website I am going to give my personal information to is actually the website I think it is. That is the first thing I need to know and second is that my information is encrypted.
My point is you're doing the equivalent of using a hammer to pound in a screw. You're taking an existing tool, and deciding it should do something other than what it does, and then blaming the hammer vendor for not selling you a screwdriver. This seems both counterproductive and, to put it bluntly, stupid.

You have obvious solutions, namely, use the right tool for the job you want to do - in this case, EV Certificates.

I suppose you could distrust ALL DV Certificates, but to randomly pick one company to hate on seems counterproductive to me. The major problem I see is I'm not really sure how you'd distrust every certificate but EV ones automatically in a browser, but you could just look for the green bar instead of the yellow one.
--
Opera 9.62(Build 10467); Windows XP Pro SP3;Intel C2Q6600; 3GB DDR2 1066; 1M/128k DSL; Antivir Personal; Comodo Firewall Pro 3;Proxomitron 4.5j Sidki 2008beta,GPG ID:0x0A1C6EE3
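
Added example, not part of any poster's message and not code from the thread: the DV versus EV distinction argued over above comes down to which identity fields a certificate carries. This Python sketch applies that as a subject-field heuristic to constructed certificates in the dict layout returned by `ssl.SSLSocket.getpeercert()`; the function names and sample values are assumptions, and browsers decide EV status from certificate policy OIDs tied to trusted roots, not from these fields.

```python
# Added illustration. The sample certificates are constructed, not real;
# they use the dict layout returned by ssl.SSLSocket.getpeercert().

# Subject attributes an EV certificate carries in addition to the domain.
EV_SUBJECT_FIELDS = {
    "organizationName",
    "businessCategory",
    "serialNumber",
    "jurisdictionCountryName",
}


def subject_fields(cert):
    """Flatten the nested RDN tuples of the subject into a plain dict."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            fields.setdefault(name, value)
    return fields


def validation_level(cert):
    """Heuristic: infer DV / OV / EV from which identity fields are present."""
    present = set(subject_fields(cert))
    if EV_SUBJECT_FIELDS <= present:
        return "EV"
    if "organizationName" in present:
        return "OV"
    return "DV"


def identity_claims(cert):
    """Return what the certificate actually asserts about the site."""
    fields = subject_fields(cert)
    domains = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {
        "level": validation_level(cert),
        "domains": domains,
        # None for DV: domain control was checked, nothing about who runs it.
        "organization": fields.get("organizationName"),
    }


DV_SAMPLE = {  # constructed
    "subject": ((("commonName", "shop.example"),),),
    "subjectAltName": (("DNS", "shop.example"),),
}
EV_SAMPLE = {  # constructed
    "subject": (
        (("jurisdictionCountryName", "US"),),
        (("businessCategory", "Private Organization"),),
        (("serialNumber", "0000000"),),
        (("countryName", "US"),),
        (("organizationName", "Example Bank, Inc."),),
        (("commonName", "www.bank.example"),),
    ),
    "subjectAltName": (("DNS", "www.bank.example"),),
}

if __name__ == "__main__":
    for sample in (DV_SAMPLE, EV_SAMPLE):
        print(identity_claims(sample))
```
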


ashrc4

join:2009-02-06
australia

reply to jp10558
said by jp10558:

In the real world, your argument is like saying Colleges, Local Libraries and clubs among others shouldn't be able to have membership/ID cards, because some people don't realise that they're not as good an identifier as a Passport. I'd have said drivers license, but many states drivers license isn't any better or harder to forge than a College ID.
Certs don't have the power to prosecute known offenders. They claim responsibility for being able to "pull a cert".
Fraud by deception is a huge leap from a college ID (which incidentally requires a driver's license to obtain). The "fraud by deception" is only aided by issuing a cert to a rogue trader.

I'm sure banks would wish to encourage more security.
I'm sure other certs would prefer not to subscribe to the "well rogues will get one anyway" defense. When your license is taken from you it makes it that little bit harder to obtain another one (even with a passport) unlike obtaining another cert.
--
It's one thing to be sure of yourself. It's another to confuse people. If they weren't related to each other we wouldn't have a problem;~)

Mele20
Premium
join:2001-06-05
Hilo, HI

reply to jp10558
I don't get your point. As a user, I want to know if the website I am going to give my personal information to is actually the website I think it is. That is the first thing I need to know and second is that my information is encrypted. Of course, I RARELY give personal information to any site. If I have to do it, which I don't want to have to do (and if forced I just make up information) then the most important thing is to know if the site is who it says it is. When Eddy Nigg was able to buy a cert for mozilla.com that broke all trust in certificates....at least the junk ones issued by Comodo. The rule I was taught in classes before I ever got my first computer still holds: never, ever tell the full truth on the internet unless in a very rare circumstance. It is rare beyond rare that I would ever want to give personal information to some mom and pop site on the internet. It is extremely rare that I would do that for a large, well known site so, I certainly would not do it for a minor player. I rarely even accept any cookies and I never see an ad.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

jp10558
Premium
join:2005-06-24
Willseyville, NY

reply to Mele20
said by Mele20:

said by Tordurbar:

When properly notified they quickly pull bad actors certs.

I don't want to lose the ability for a little guy to provide encryption.
So I don't see a need for change other than to get people to STOP thinking encryption means trust.
I don't think little guys should be in this game in the first place.

I think you are the one engaging in abuse of this system by wanting to provide encryption to a little site for your friends to visit. That is NOT what this is supposed to be about.

If certs have nothing to do with TRUST then there is no reason whatsoever to have the system in place. It should be torn down and I have to assume that is what you are advocating because anything else makes no sense by virtue of your own statements.
Are you insane? You think that only large corporations deserve private communication on the internet? Remember that certs (in general) are used for secure e-mail, programs like LogMeIn, and various web based programs to protect credentials (Think Network Monitoring systems like Zenoss, where if you snarf the credentials on the wire because small companies using OSS "shouldn't have certs" you can now p0wn the network) as well as just provide the equivalent of an envelope against snoopers on the net.

In a free country, why wouldn't the default be private communications (encryption on the net)? In fact, IIRC IPv6 is going to really enable IPSec and ?might? default to all communications being encrypted.

In the real world, your argument is like saying Colleges, Local Libraries and clubs among others shouldn't be able to have membership/ID cards, because some people don't realise that they're not as good an identifier as a Passport. I'd have said drivers license, but many states drivers license isn't any better or harder to forge than a College ID.

I think it's unfortunate that the setup for the internet decided to use certificates rather than something more like PGP Key Signing as an option so there wasn't really any "certification" for uses that don't require it. But here, just because a vendor was to offer ID services to the colleges, library, clubs and made Passports doesn't really mean you should distrust that vendor because the College ID isn't as hard to fake or get illegitimately as the passport. That's just crazy IMO.
--
Opera 9.62(Build 10467); Windows XP Pro SP3;Intel C2Q6600; 3GB DDR2 1066; 1M/128k DSL; Antivir Personal; Comodo Firewall Pro 3;Proxomitron 4.5j Sidki 2008beta,GPG ID:0x0A1C6EE3


ashrc4

join:2009-02-06
australia

reply to Tordurbar
Sorry for the late reply.

said by Tordurbar:

@ asherc4
Massive misquote there.
You quoted Melih's quote of Donna's post of what Verisign said.


Yep you got me there. Quite a good one.
But hang on, in what context was the misquote made? Hmm
Should I explain that again...perhaps you missed it.
Here it is again.
"If Melih had just come out and publicly stated the below quote from the beginning (in regards to the cert issues) then gone on to re-establish its responsibility in regards to future direction of cert development. Then we would have had an informative insight to the issues at hand.
Unfortunately he continues to treat the issues as a platform for further attacks on those that wish to call for such."

I actually feel you are doing Comodo a disservice somehow in making further light of these issues. Although in the scheme of things you would probably fit right in in the Comodo PR department.
I'm not sure it qualifies you to make any assumptions on my behalf though.
Quote "whom the fools really are! - Yes, and it becomes clearer with each misguided blog posting."

Quote ....."Why instead do they single out Comodo from all the CA's and try to hold their feet to the fire, for certs that imply no more than encryption/valid domain, the bad guys are the bad guys in this."

O.k. I understand your reasoning for this statement.
It seems obvious that Comodo would prefer that everybody finds the notion of what a lesser cert currently represents in their eyes. And to further future-proof their stance they are encouraging a more "trusted" interpretation of a more complex expensive cert.

Quote ....."Bad actors can get DV certs, and drivers licenses and credit cards and cell phones and ISP's and Domain Hosts and whatever else they want, pretty much. Hello real world."

O.k. so who issues Drivers Licenses then. The "wild cowboys" of the cert trade. No it's a serious issue and one would expect responsible parties to do such. Certs are no different. The people that issue them should lift their game or face losing control of their issue. Although the internet is global the country in which the businesses are registered are not and legislating companies to require a "we trust you to receive our own commerce cert whilst further requiring "Browsers" to apply for their decryption of a particular endorsement could be more lucrative, more trusted and finally more accurately designed both in its implementation and function.
This is more of a "Hello real world" view.

"......I sincerely hope they no longer continue to have influence in this respect."
I was not suggesting that Comodo should go out of business. Just I see no evidence that they have the integrity to continue on behaving the way they do presently. The current product fails to meet the potential of its design and is not much more than a glorified cookie or token.

"The better solution is to educate users on the new reality."
Couldn't agree with you more.
--
It's one thing to be sure of yourself. It's another to confuse people. If they weren't related to each other we wouldn't have a problem;~)

tradnav

join:2005-02-25
UK

reply to hayc59
Seems to me Tordubar that whilst I admire your guts and (rightly or wrongly) dedication to Comodo (and I'm certainly a proponent of free speech), that you're on a hiding to nothing on this forum.

It may be considerably easier on yourself if you buy a hair shirt and take up self-flagellation! The vast majority (including me) are not convinced by your excuses...(oops!, sorry, explanations).

One word (mentioned by mers2).....integrity.

Regards


mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse

reply to hayc59
Just a side note to add, I read the blog that smokey linked to, giving Mike's reasons for not adding the Ask Toolbar. As long as there is an option not to install the toolbar, I won't condemn those security companies, including Comodo that have it - but I will say I am extremely disappointed at the number of security companies that are going with this model. None of the software I use has thus far sunk to this level and I admire vendors like OA, WinPatrol and others that have kept their integrity 100% intact.
--
"The best proof there is intelligent life in outer space is the fact it hasn't come here." Arthur C. Clark 1917-2008
Team Discovery


mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse

reply to Tordurbar
Yup, Comodo damaged their own rep without any help from outside sources.

Methinks you doth protest too much. Not to mention that unlike most of the folks in this thread the only "helping" I've ever seen you do is trying to protect Comodo, not its users.


hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.
reply to hayc59
Said by Tordubar
Bloggers Continue To Try To Damage Comodos Rep.
------------
Oh come on they being Melih did that all on his own
no help from anyone...get real sunshine?? LOL

Tordurbar

join:2009-07-12

reply to hayc59
Now that we have reached the point of dissecting quotes,
over analyzing off the cuff analogies, and a mildly sinister PM.
(you know who you are) my response -
Careful what you ask for there, sunshine.

It should be fairly obvious to anyone that has actually followed this "educational thread" titled "Comodo Continues To Damage It's Reputation" and plows first through pages on how to remove the evil Comodo from their PC's, that perhaps a more fitting and newsy title may have been:
Bloggers Continue To Try To Damage Comodo's Rep.


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

reply to Tordurbar
said by Tordurbar:

Why take a drunk drivers license or pull a bad guys cert, just seems like it's the right thing to do.

The difference is pulling a drivers license of someone DUI & issuing them one while they're drunk.

Tordurbar

join:2009-07-12

reply to hayc59
Why take a drunk drivers license or pull a bad guys cert, just seems like it's the right thing to do.

Out of context highlighted quotes, are relative to treating all low level certs with the suspect caution they deserve.

No Contradiction.


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

reply to Tordurbar
said by Tordurbar:

You're kidding, right?

No, what do you find amusing about my post?

Tordurbar

join:2009-07-12
reply to SnowyOne
You're kidding, right?

Otherwise two words.
Obtuse and Grasping.


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless


reply to Tordurbar
said by Tordurbar:

In the face of facts, logic, and the reality on the ground.
I'm all for facts, logic & grounded logic reality.

said by Tordurbar:

1. "I on the other hand believe that everyone has a right to privacy and security through encryption."

2. "DV certs are issued without checks. So again it really doesn't matter who has one, Do Not use it as an indicator of who or Trust."

3. "...and like all the other CA's they will pull bad guys DV certs when properly notified."
It was only a matter of keeping you talking long enough to get you contradicting yourself.
Why pull a site's cert if your quotes #1 & #2 are true?


hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.
reply to hayc59
Actually you have tried to turn this from an educational
thread to another joke by Melihs F.B's and I for one do not appreciate it at all!!

Tordurbar

join:2009-07-12

reply to hayc59
I am indeed happy that I have given you the gift of joy.

If I had not used the word hater, or made the MVP quip.

Would we not still have ended up here, with you calling me fan boi.

In the face of facts, logic, and the reality on the ground.


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

reply to Tordurbar
said by Tordurbar:

and like all the other CA's they will pull bad guys DV certs when properly notified.
Ole!Ole!Ole!


hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.

reply to hayc59
@
Tordurbar
Oh you amuse me to the fullest
@
Tordurbar
Why do all you fan boys go to the hater part?
and after reading your little comment about MVP's
which was brought to my attention, whatever sense I thought you had is now gone!! and I do know your other usernames! thanks for stopping in...you have become redundant
--
ãrê ¥Øu êxpêriêncêD
Microsoft® MVP Consumer Security 2007-09
"Greater love has no one than this, that he lay down his life for his friends."
9/11/01 Never Forget

Tordurbar

join:2009-07-12

reply to hayc59
Ok,

@ hayc59

quote - "Actually we and everyone online really
know who/whom the fools are!"

Define we?
Everyone online? - fairly grandiose delusion.
who/whom the fools really are! - Yes, and it becomes clearer with each misguided blog posting.
At least to those thinking with their rational parts.

I know my stuff too, apparently better.

@ asherc4

Massive misquote there.

You quoted Melih's quote of Donna's post of what Verisign said.
Only moments later to be embarrassed by them replacing the rogue sites cert
that Comodo had just pulled.

Although I agree, in an ideal world without those who would abuse the system.
The good old pad lock could have somehow been taken differently.
Other CA's, not Comodo introduced DV certs to the marketplace.
There went any credibility the padlock had, other than to verify an encrypted connection.

In my view - The Pros

- Encryption is readily available to the masses, cheap.
- Business wise a good $ move for the CA's. they opened up a huge new market.
- Because this move blew the lid off whatever trust people thought they had in the padlock.
We now have a new level of Trust in the who/encryption/page validity available, in the form of EV certs. Costly in comparison but there are real checks involved.

It could be a win win if some bloggers could accept the new reality.
Our innocence won't be restored no matter how many times we click our heels or how hard we wish.
Why instead do they single out Comodo from all the CA's and try to hold their feet to the fire, for certs that imply no more than encryption/valid domain, the bad guys are the bad guys in this.
The refrain is that Comodo is in the security business and should not endanger users by issuing DV certs to rogue sites.

Newsflash - Comodo is first and foremost a CA and as such DV certs are dispensed in similar fashion to all other CA's.
That's no excuse for rogues, and like all the other CA's they will pull bad guys DV certs when properly notified.
They give away a wide range of free security software, and offer some paid services in support of this.
This is establishing a web presence.
Because their Free software is really quite decent, they have stepped on a lot of toes, loads of hard feelings to go around.
I'm positive there's none of that at play with any of these actors though.

The Cons

- Obviously first and foremost given the new reality. Due to ease of access. Bad actors can get DV certs, and drivers licenses and credit cards and cell phones and ISP's and Domain Hosts and whatever else they want, pretty much. Hello real world.

So the brainwave solution is to attack Comodo, come on price yourself out of the market, unilaterally raise the bar on getting a DV cert, come on bleed money for the good guys, take one for the team and go out of business.
Whereas one of, or all of the above taking place would not change the cyber landscape 1 iota.

The better solution is to educate users on the new reality.
Use your Blog-o-powers to teach, rather than to tear down.
Though I guess even fabricated controversy is good for the hit count/fame. Hmmm.

@ danny9

I threw haters out there as a generality, in reference to the haters, it is freely anyone's choice to feel included or excluded from this group, based on their own sensibilities.

@ mers2

My time is mine to spend.
My only purpose for being here is that this thread and several like it, as well as a couple of blogs from where this crud stems, have seriously offended my sense of logic, and irked the hell out of my sense of right and wrong.
I do in fact devote a great deal of my time to helping others, and here is where I happen to have chosen to deal with my pain, re: the misguided borderline slanderous crud.

@ Cudni

I know you don't know me by this handle.
Please accept my apology for attitude, I'll work on it if further posts become necessary.
Thursday, 10-Dec 23:51:03 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.