[ic] Verisign -- please vote with your feet!

scott martin smartin at steamvalve.com
Sun Sep 28 08:40:00 EDT 2003


We currently have a merchant account with Bank America as a bricks & 
mortar store, who would you recommend, for a payment gateway & ssl 
certificate? We are in the very early stages of setting up interchange.

Thank You
Scott Martin

Paul Vinciguerra wrote:
> On Sat, 27 Sep 2003 15:50:02 -0400, Mike Heins wrote
>>Dear Interchange Users,
>>In the nearly seven years this list has existed, I have not often
>>used it as a soapbox. I guess I am now.
>>I have stopped using all Verisign products, period.
>>* Where I once had (either myself or with clients) a hundred or more
>>  domains registered with them, now I have zero. Any time I find someone
>>  registered at Verisign, I immediately suggest a move to another
>>  registrar, and I donate my time to help them do it at my
>>  cost.
>>* I used Thawte since I first heard about them, approximately 1997,
>>  partly because they were not Verisign. When they were bought by
>>  Verisign, I felt they kept some of their integrity, so I kept using
>>  them. At this point, though, I have switched to Comodo and will no
>>  longer renew certificates with Thawte, and will no longer generate 
>>a  CSR for them. And certainly not for the Verisign brand itself.
>>* I wrote a Signio client for Interchange, which eventually became 
>>the  PayFlowPro module. I regret that, and I never recommend PayFlowPro.
>>Many of you may realize I have despised them for years; but they have
>>now gone far beyond the bounds of civilized behavior.
>>If I find anything else which is owned by Verisign, I will stop using
>>it. I will no longer work on any part of Interchange which supports a
>>Verisign product. Though I wouldn't be so insensitive as to do it
>>unilaterally, I will suggest that we remove the Interchange Signio/PayFlowPro
>>module from Interchange, and move it to a separate site or a contrib
>>Verisign obviously believes they are above the law and they believe they
>>don't need to conduct themselves with respect toward other people. They
>>routinely abuse trust by sending promotional email to people who have
>>specifically requested not to receive it.
>>And now the ultimate abuse of trust -- they hijack the Internet; the
>>NXDOMAIN DNS response existed for a reason, and now you won't get it
>>when you request a non-existent .net or .com domain.
>>I no longer consider them trustworthy to sign HTTPS certificates, and
>>have revoked all of their root certs in my browser. I may allow some
>>stores using their certs to sell to me, but I will have to OK the
>>certificate every time it is presented and I will send them feedback
>>that I don't appreciate them supporting pirates.
>>Please don't help Verisign run roughshod over everyone in the
>>world. Please stop using Verisign products.
> The problem is, at I see it, that Verisign effectively owns the .com and .net
> space. Its unlikely people are going to abandon .coms and .nets over this and
> verisign knows this.  Its been rumored that they are currently recieving $1M+
> / day for planting overture bugs in visitors browsers.  With incentives like
> that, its unlikely its coming down any time soon.  So, the BIND patch solution
> seems to be the only REAL workable solution in the short term.     
>>Best Regards,
>>Mike Heins
>>interchange-users mailing list
>>interchange-users at icdevgroup.org
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users

More information about the interchange-users mailing list