[Scotsman]

As I've been looking into the code signing business, ran across why Vista is such a PITA. If your application isn't signed, Vista drastically reduces what it can access. Now that might not sound like such a bad thing at first. After all, if a software publisher is trust worthy they should digitally sign their software right?

All well and good until you find that to get that digital certificate to sign your application costs between $300 and $500 a year.

Open source has been a sore point with Microsoft for a long time now, regardless of anything they might say to the contrary. So here we have a sneaky way for them to stifle open source software on their platform, along with shareware and anybody else that can't afford to spend $300 - $500 a year for the privilege of their software running on Microsoft's platform.

Which for the end user means reduced choice. Did anybody really think Microsoft would change their ways after the anti-trust rulings?

[Cheiron]

Who runs Verisign and other "authorities" that obivously has to say ok for software??... are they in any way affiliated with Microsoft? ... and what is the nature of their "authority"? ... is it US official authorities or what... or the international internet authorities or sumtin?

...but it sure leaves the small fish making programs out to hang (and of course open source) ... hmmm
_________________
Cheiron
______________________________
"Any scientist with respect for himself should start
the day by rejecting his own pet hypotheses".
(Konrad Lorenz)

"Wir müssen wissen
Wir werden wissen"
(David Hilbert)

[Scotsman]

Not sure who runs Verisign et all. They are the root level certification authorities (buried in your webbrowser on most platforms). In short they vouch that you are an ok place to do business with and that your products can be trusted. They started out doing the certificates for secured websites (i.e. banks, paypal, credit card transactions, etc) and have branched out into selling certificates for Java applets, and in this case executables.

Not sure what their relationship with Microsoft is, or if there even is one.

[Cheiron]

so... in short: we dont know who runs the internet security? OK... hm

my best bet would be governmental approved and supervised semiprivate companies that specialise in security and are internationally cleared with W3 consortium, or whatever it is called, that tries to make some sort of head and tails of webstandards... at least I hope it is that hehe

I figure this is worth an investigation, especially since they charge money...really.
_________________
Cheiron
______________________________
"Any scientist with respect for himself should start
the day by rejecting his own pet hypotheses".
(Konrad Lorenz)

"Wir müssen wissen
Wir werden wissen"
(David Hilbert)

[Bri]

Since the nastys arrived on the web in the 90's Verisign has been working hard to keep us all sane. I obviously don't see MS or Verisign as a villain but their products a necessity due to the jerks.( anti-spam, anti-virus firewalls, intrusion detection and prevention, vulnerability protection, phishing response, etc.)
They keep a low profile in the other business they control (3 billion cellular connections)

Thawte was a valued competitor that kept the costs down but Verisign bought them a few years back and now monopolize the segment., the also own Network solutions. they traded some of their power along the way ie; they get along as the authoritative registry operator for two of the most important top-level domains, .com and .net.

It's interesting politics how Verisign get a free ride. In the war with ICANN, VeriSign's bid was backed by numerous IT and telecom heavyweights including Microsoft, IBM, Sun Microsystems, MCI and others, which all asserted that VeriSign had a perfect record operating .net etc.
_________________
RL..now with 100% less lag!