RE: GPG and Signing
John L Fjellstad wrote on Thursday, April 05, 2007 10:43 AM -0500:
> "Seth Goodman" <sethg@goodmanassociates.com> writes:
>
> > Instead, they built
> > native S/MIME support into their MUA's, built a certificate store
> > into their operating system and bought VeriSign.
>
> Couple of points. There are lots of stuff MS does that don't make
> them money. Also, I don't believe they own VeriSign.
Like most other companies, MS certainly does things that don't earn a
profit. Also like other companies, they generally don't support
initiatives that get in the way of other plans. SSL created a market
for trusted certificates and CA's. More importantly, it enabled casual
web commerce, which was very important to the MS vision of a web
supported by advertising and sales of products. Web commerce was much
more likely to succeed with a small number of universally trusted CA's,
whose identities are distributed with the OS, than with the ad hoc trust
networks of individual end users.
S/MIME created a second opportunity to earn profits by issuing and
serving certificates for email. PGP end users asked their associates to
assure the association between their identity and their public keys and
published signed keys on free public servers, so there was little profit
potential. The two protocols also had different audiences. S/MIME
addressed the needs of institutions that would gladly pay for
certificates if end users would trust them, while PGP was for human
rights workers that needed secure encryption but had no money, or
technical end users that favored it for personal/political reasons. One
need not invoke any bad intentions to see why S/MIME was a rational
choice by MS.
On the ownership of VeriSign, MS and VeriSign have collaborated closely,
but MS does not appear to own them. I don't recall where I got that
idea and I apologize for the error.
--
Seth Goodman
Reply to: