SnowyOne
Premium
join:2003-04-05
Kailua, HI
 ·RoadRunner Cable
 ·Clearwire Wireless
| reply to EGeezer
Re: The certificate industry marketing game
said by EGeezer  :However, the existence of the certificate, even if issued by Verisign's highest level, provides me no reason to believe that sending my credit card and billing information to AhmedTheNigerianBarrister.com over SSL is a good business decision. That's the salzan approach to certificate trust. 
Treat all levels of certs as being equal.
That should prevent user grief provided that the cert with the least amount (or zero amount) of trust is used as the model across the board.
That approach, if widely adopted by users would make the EV cert no more or less valuable than a free cert.
Certificate issuers would have a shit if this truly became the norm. How long would it take ecommerce sites to figure out that it didn't matter whether they had an expensive cert or a fly by night cert? |
|
Tordurbar
join:2009-07-12
| Agreed that the norm should be, give the least amount of Trust across the board.
And that should be understood by all Encryption does not equal Trust.
Whoa the grief that would save!!!
Even in that environment I believe that the more expensive EV certs will have some value to large entities engaged in e-commerce.
Because the theory is that with the cost comes insurance, and all the extra back checking is meant to ensure the bad actors can't get them.
So even though I wouldn't Trust a stranger based solely on a cert
having the high value one is at least something else to check when considering such a decision.
Me Thinks. |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless
| reply to Tordurbar
Re: Comodo Continues to Damage It's Reputation
said by Tordurbar :You realize they are pushing EV certs there ... right? By "there" I presume you refer to the link I provided?
»www.instantssl.com/ssl-certifica···ssl.html
My browser brings me a page that's about SSL & Comodo's 'instantSSLcert@$69.95yr & not about Comodo's EV cert@$359.00yr
Directory transversal brings my browser to the instantSSL cert home page, not the EV cert page.
Original link:
»www.instantssl.com/ssl-certifica···ssl.html
Further up original link:
»www.instantssl.com/
I can understand Comodo using it's instantSSL product as a way of pushing it's more profitable EV Cert product, but the link I provided is relevant to Comodo's instantSSL Cert. |
|
Tordurbar
join:2009-07-12 | Hey SnowyOne,
I meant that, in context, this reference to "displaying trust indicators"
Is meant in reference to green bar of EV SSL certs.
Just below your quoted paragraph. In images. |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless
| That page is Comodo's "What is SSL" FAQ page which is broken into 3 sections
1. What is SSL?
2. Why do I need SSL on My Site?
3. How Does SSL Work?
Your reference goes to #3 & by itself can be seen as a push for the Comodo EV Cert but my comment went to gist of the entire page, not to a single reference within subsection #3 & a slight, passing reference to the possibility of some users seeing a green cert in subsection #1 when an EV cert is in place.
Here's the entire contents of subsection #2 again:
"Why do I need SSL on My Site?
The Internet has successfully created many new global business opportunities for enterprises conducting online commerce. However, that growth has also attracted fraudsters and cyber criminals.
The increasing awareness of online fraudsters and cyber criminals has presented an opportunity for ecommerce providers to capitalize on consumer fears by displaying trust indicators. Just like the real world, people need to be confident before they proceed down an unknown path.
subsection #2 clearly refers to "trust indicators" with Zero reference to Comodo's EV Cert. It's also the only subsection to make Zero reference to the Comodo EV Cert but Comodo still expects a user to make the connection that trust indicators" is not to be associated with a Comodo site cert? Why not just say that instead of leaving it up to the users imagination/interpretation?
If it's true that this a quality FAQ & the best that Comodo could produce, were screwed, really. |
|
Tordurbar
join:2009-07-12
| Rather than try to explain the page you reference.
Here free SSL you get the padlock. The only mention of Trust other than trusting your encryption is if you upgrade to an EV type of cert.
»www.instantssl.com/ssl-certifica···ate.html |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless
| said by Tordurbar :Rather than try to explain the page you reference. That's a decision we can both agree with. |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to Tordurbar
Re: The certificate industry marketing game
said by Tordurbar :Agreed that the norm should be, give the least amount of Trust across the board. And that should be understood by all Encryption does not equal Trust. Whoa the grief that would save!!! Even in that environment I believe that the more expensive EV certs will have some value to large entities engaged in e-commerce. Because the theory is that with the cost comes insurance, and all the extra back checking is meant to ensure the bad actors can't get them. So even though I wouldn't Trust a stranger based solely on a cert having the high value one is at least something else to check when considering such a decision. Me Thinks. "This site attempts to identify itself with invalid information".
"Click confirm security exception if you want to Trust the site."
It is ALL about Trust and Identity as far as the browsers would have you believe. You should be complaining to the developers of the browsers not in a user community where folks are simply doing what the browser developers have instructed. Sure, encryption does not equal trust but that is irrelevant because the browser developers claims it does. Complain to them.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
Tordurbar
join:2009-07-12 | In your lovely screen cap you have gone to an incorrect URL.
»https://forums.comodo.com/index.php
There ya go. Carry on. |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| said by Tordurbar :In your lovely screen cap you have gone to an incorrect URL. » https:// forums.comodo.com/index.phpThere ya go. Carry on. Yes, I did that deliberately to illustrate a point.
You have anything useful to say ...or has the cat got your tongue? 
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
Tordurbar
join:2009-07-12
1 edit | Ooops didn't realize it was on purpose.
No cats here.
So seriously "It is ALL about Trust and Identity"
Agreed.
Here's why
If the browser can't verify the presence of an EV cert which in turn verifies the who, and verify all the content on a page it won't give you the Green bar or provide the equivalent cert info for those that check manually.
This is as close to trustworthy as is currently possible to independently verify by the browser and CA, and is, until abused or compromised in some significant way the new current accepted standard of Trust based on a third party.
Ultimately the user has to decide whether to Trust the who, but at least you're assured of who who is.
If you get a padlock alone or with a blue address bar you are assured of an encrypted connection and are completely on your own as to whether to Trust the who.
Look y'all I don't hate none of ya.
And I'm not here to complain, I've just had enough of the smear campaign based on a misguided premise.
If I didn't know what I know and had the situation explained to me by one of Comodo's professional detractors, I'd probably share in believing their misguided premise on which they have settled to base unfounded criticism. |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
 ·AT&T U-Verse
| Sounds like you've had it explained to you by one of Comodo's professional apologists. I'd say you're the misguided one here. The rest of us understand the situation perfectly, thank you very much. And we make our decision by not using anything Comodo. For me, the decision is based on multiple things that have happened in the past couple of years that underscore the lack of integrity in the business, not just the certificates.
--
"The best proof there is intelligent life in outer space is the fact it hasn't come here." Arthur C. Clark 1917-2008
Team Discovery
|
|
Tordurbar
join:2009-07-12 | "The rest of us understand the situation perfectly, thank you very much."
Sorry I missed the part where you were voted Spokesparrot. |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse
1 edit | said by Tordurbar :"The rest of us understand the situation perfectly, thank you very much." Sorry I missed the part where you were voted Spokesparrot. You apparently missed the majority of us here who share this opinion. The one you declared yourself superior to. With all due respect, you haven't shown yourself to be superior.
I just added that there have been several incidents that reinforce my opinion of Comodo's lack of ethics. I was one of those who gave them a chance when many here had already written them off. I require companies whose software I use for security to have a very high sense of ethics. Once they have repeatedly shown me they lack it, their software is gone from my machine. You'll find most here in this forum choose their security software the same way - you have to be able to trust the company before you can trust their software.
--
"The best proof there is intelligent life in outer space is the fact it hasn't come here." Arthur C. Clark 1917-2008
Team Discovery
|
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse
| reply to hayc59
Re: Comodo Continues to Damage It's Reputation
I should also add, that after the company has shown they are trustworthy, their software has to work. Comodo firewall works, but their AV is still poor at this point. I use OA firewall, which works and the maker has shown himself trustworthy and ethical. |
|
Tordurbar
join:2009-07-12
| reply to mers2
Re: The certificate industry marketing game
It's true you are free to not like a company for any reason you like.
You may not trust them because of the forum colors.
You may choose to use any products you like, and support them.
You can yank their certs from your browser if you like.
If you find some practice or association repulsive, go ahead.
But again,
If you are telling people to yank their certs from their browsers and that Comodo are the bad guys. Because a few rogue sites have been dug up using a DV cert from them, This is truly in-genuine if you don't remove all certs because they all provide DV certs.
or
If you are saying that encryption means you should Trust someone.
Then someone like me will call you on it.
And alas, struggle to set the record straight while trying to not come off as a superior carbon unit. |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse
| Do you even bother to read the posts you are responding to? I kind of doubt it.
I said there were many incidents over the past couple of years that proved a lack of ethics on the part of Comodo. The certs issue is one. A company selling/providing security software that also issues certs to known malware companies is just one piece of the ethics puzzle. The difference between Comodo and other cert companies is that they don't make security software and put themselves out as security experts protecting the public. Somehow that seems to have escaped your attention. Your comments on dislikes being based on the forum colors, etc. is insulting and shows how little you're thinking.
--
"The best proof there is intelligent life in outer space is the fact it hasn't come here." Arthur C. Clark 1917-2008
Team Discovery
|
|
Tordurbar
join:2009-07-12
| I see any attempt at levity equals epic Fail.
"A company selling/providing security software that also issues certs to known malware companies is just one piece of the ethics puzzle."
DV certs are issued without checks. So again it really doesn't matter who has one, Do Not use it as an indicator of who or Trust.
They are primarily in the cert business and that is a part of the business. For better or worse.
In reality given their understanding of the Trust business and it's flaws, this should translate into better security software.
Not weaker software because you've got a cert Trust issue.
And oh yes indeed they are security experts, protecting the public, for free too.
Don't believe me. Test it.
I believe they are currently doing a fine job of thoroughly protecting over 15 million users.
Personal take, Firewall and D+ kick ass, the AV as a standalone definitely still in the growing pains stages.
So are we both reading the same thread. |
|
mvdu
Premium
join:2003-07-28
Collegeville, PA
1 edit | reply to mers2
Right on; there IS no defense of Comodo IMO. Either have a better system for checking certs in place or get out of the security business. |
|
Trust me
@net.au | reply to hayc59
Re: Comodo Continues to Damage It's Reputation
Or go and make cars for Ford |
|
