[ic] Verisign -- please vote with your feet!

Mike Heins mike at perusion.com
Sat Sep 27 16:50:02 EDT 2003

Dear Interchange Users,

In the nearly seven years this list has existed, I have not often
used it as a soapbox. I guess I am now.

I have stopped using all Verisign products, period.

* Where I once had (either myself or with clients) a hundred or more
  domains registered with them, now I have zero. Any time I find someone
  registered at Verisign, I immediately suggest a move to another
  registrar, and I donate my time to help them do it at my

* I used Thawte since I first heard about them, approximately 1997,
  partly because they were not Verisign. When they were bought by
  Verisign, I felt they kept some of their integrity, so I kept using
  them. At this point, though, I have switched to Comodo and will no
  longer renew certificates with Thawte, and will no longer generate a
  CSR for them. And certainly not for the Verisign brand itself.

* I wrote a Signio client for Interchange, which eventually became the
  PayFlowPro module. I regret that, and I never recommend PayFlowPro.

Many of you may realize I have despised them for years; but they have
now gone far beyond the bounds of civilized behavior.

If I find anything else which is owned by Verisign, I will stop using
it. I will no longer work on any part of Interchange which supports a
Verisign product. Though I wouldn't be so insensitive as to do it
unilaterally, I will suggest that we remove the Interchange Signio/PayFlowPro
module from Interchange, and move it to a separate site or a contrib

Verisign obviously believes they are above the law and they believe they
don't need to conduct themselves with respect toward other people. They
routinely abuse trust by sending promotional email to people who have
specifically requested not to receive it.

And now the ultimate abuse of trust -- they hijack the Internet; the
NXDOMAIN DNS response existed for a reason, and now you won't get it
when you request a non-existent .net or .com domain.

I no longer consider them trustworthy to sign HTTPS certificates, and
have revoked all of their root certs in my browser. I may allow some
stores using their certs to sell to me, but I will have to OK the
certificate every time it is presented and I will send them feedback
that I don't appreciate them supporting pirates.

Please don't help Verisign run roughshod over everyone in the
world. Please stop using Verisign products.

Best Regards,
Mike Heins

More information about the interchange-users mailing list