[ic] Verisign -- please vote with your feet!
smartin at steamvalve.com
Sun Sep 28 08:40:00 EDT 2003
We currently have a merchant account with Bank America as a bricks &
mortar store, who would you recommend, for a payment gateway & ssl
certificate? We are in the very early stages of setting up interchange.
Paul Vinciguerra wrote:
> On Sat, 27 Sep 2003 15:50:02 -0400, Mike Heins wrote
>>Dear Interchange Users,
>>In the nearly seven years this list has existed, I have not often
>>used it as a soapbox. I guess I am now.
>>I have stopped using all Verisign products, period.
>>* Where I once had (either myself or with clients) a hundred or more
>> domains registered with them, now I have zero. Any time I find someone
>> registered at Verisign, I immediately suggest a move to another
>> registrar, and I donate my time to help them do it at my
>>* I used Thawte since I first heard about them, approximately 1997,
>> partly because they were not Verisign. When they were bought by
>> Verisign, I felt they kept some of their integrity, so I kept using
>> them. At this point, though, I have switched to Comodo and will no
>> longer renew certificates with Thawte, and will no longer generate
>>a CSR for them. And certainly not for the Verisign brand itself.
>>* I wrote a Signio client for Interchange, which eventually became
>>the PayFlowPro module. I regret that, and I never recommend PayFlowPro.
>>Many of you may realize I have despised them for years; but they have
>>now gone far beyond the bounds of civilized behavior.
>>If I find anything else which is owned by Verisign, I will stop using
>>it. I will no longer work on any part of Interchange which supports a
>>Verisign product. Though I wouldn't be so insensitive as to do it
>>unilaterally, I will suggest that we remove the Interchange Signio/PayFlowPro
>>module from Interchange, and move it to a separate site or a contrib
>>Verisign obviously believes they are above the law and they believe they
>>don't need to conduct themselves with respect toward other people. They
>>routinely abuse trust by sending promotional email to people who have
>>specifically requested not to receive it.
>>And now the ultimate abuse of trust -- they hijack the Internet; the
>>NXDOMAIN DNS response existed for a reason, and now you won't get it
>>when you request a non-existent .net or .com domain.
>>I no longer consider them trustworthy to sign HTTPS certificates, and
>>have revoked all of their root certs in my browser. I may allow some
>>stores using their certs to sell to me, but I will have to OK the
>>certificate every time it is presented and I will send them feedback
>>that I don't appreciate them supporting pirates.
>>Please don't help Verisign run roughshod over everyone in the
>>world. Please stop using Verisign products.
> The problem is, at I see it, that Verisign effectively owns the .com and .net
> space. Its unlikely people are going to abandon .coms and .nets over this and
> verisign knows this. Its been rumored that they are currently recieving $1M+
> / day for planting overture bugs in visitors browsers. With incentives like
> that, its unlikely its coming down any time soon. So, the BIND patch solution
> seems to be the only REAL workable solution in the short term.
>>interchange-users mailing list
>>interchange-users at icdevgroup.org
> interchange-users mailing list
> interchange-users at icdevgroup.org
More information about the interchange-users