25 And A Bit More Green For An X509 Certificate

That sounds like quite a deal actually. Verisign still charges an exhorbitant amount of money for bits that do the same thing.

-Jason

From Peter Gutman to the Cryptography Mailing list Subject: How much for a DoD X.509 certificate?

$25 and a bit of marijuana, apparently. See:

https://www.wjla.com/news/stories/0305/210558.html https://www.wjla.com/news/stories/0105/200474.html

Although the story doesn’t mention this, the “ID” in question was the DoD Common Access Card, a smart card containing a DoD-issued certificate. To get a CAC, you normally have to provide two forms of verification… in this case I guess the two were photo ID of dead presidents and empirical proof that you know how to buy weed.

The cards were issued by Yusuf Khalil Jackson, a man with a long criminal history (including, ironically, identity fraud):

John Pike, Global Security.org: “The notion that we’re going to let somebody with this type of criminal record, with no background check on him and give him the ID card machine defies understanding.”

Jackson admitted to making about 30 of the ID cards:

John Pike: “The good news is that it looks like some of these people were just doing it so they could go to a bar and claim to be over 21. The bad news is that you don’t know what else some of these other people might have done.”

One of the cards was later “seized from a Pakistani national” by the police.

Bowens: “That’s the nightmare of it. The cards themselves are not counterfeit. They’re authentically made but they’ve been issued in an unauthorized manner for profit or ideology or a little of both.”

This sort of thing doesn’t bode well for Real ID either. These cards were real ID too.

Peter.