RapidSSLI expect this kind of thing from Equifax because they seem to do everything but the right thing in any interaction I've had with them online (e.g. why would they decide it a good idea to direct people to http://consumerinfo.com as an Equifax property? That seems like the phishiest thing I've come across. Seriously?) But RSA? Thawte?
FreeSSL
TrustCenter
RSA Data Security (!)
Thawte (!)
verisign.co.jp
I'll repeat again my analogy I have used in the past for those who don't get the implications:
"If you used a daycare for your child that you found to have strewn about broken glass, hypodermic needles, frayed electrical cords, etc. would you not switch to a new daycare?"Now, there is a caveat that is possible and I call it the Jack-in-the-box caveat. In the aftermath of the E-coli illnesses attributed to Jack-in-the-Box restaurants many, many years ago, when they reopened I was not hesitant to have a burger there. Why? Because it was clear that they were under very tight scrutiny from the government and health agencies due to what they went through. But, other restaurants were potential ticking timebombs. It's the devil you know vs. the devil you don't.
"Okay, now assume for example, that the bad daycare in the above example cleaned all of that up and pleaded that they would never be so careless again. Would you bring your child back to that daycare? If so, why? If they were so careless in the past, and there are so many other better daycare facilities, why should you risk your child's security on someone so careless and clueless?"
Emergent Chaos: Now will you believe MD5 is broken?
No comments:
Post a Comment