Argh
Everyone else likes to worry about Google’s gatheringconflict of interests, but Verisign’s S.P.E.C.T.R.E.-level
skills still take some beating. This week, orbiting crypto
analysts Ian Grigg and Adam Shostock belatedly pointed out
to ICANN that perhaps Verisign couldn’t trusted with
.net. Why? Well, Verisign these days offers both top level
domains and SSL certificate authentication. They also, with
their NetDiscovery service – sell ISPs a complete service for
complying with law enforcement surveillance orders. So, if an
American court demands an ISP wiretap its customers, and the
ISP turns that order over to Verisign to do the dirty: well,
Verisign can now fake any domain you want, and issue any
temporary fake certificate, allowing even SSLed
communications to be monitored. What’s even more fun is that
they are – at least in the US – now moving into providing
infrastructure for mobile telephony. Yes, NOT EVEN YOUR
RINGTONES ARE SAFE.
Last modified: Wednesday, February 4th, 2026 at 7:09pm
Add a Comment