Refusing to address a point in an argument and responding with "then someone else would have" is, by definition, conceding the point.Wow. You just conceded that there is significant pressure on major
vendors to not counter the CA, and then claimed that some ethereal other
would magically be able to enforce it where Symantec couldn't.
What?! I did nothing of the sort. My "then" follows his "if". It does not
concede that his "if" is true, in fact I think it's preposterous.
Yes, you did say that. Look back in the thread. You were saying "The market will provide a solution". I said that that was naive. Your retort was "didn't say that".
Market demand sometimes does create solutions, however to claim that it
does without fail is a bit naive.
Didn't say that.
The same pressures that affected Symantec would affect them.So, if not Symantec, then who else do you propose would?
Lavasoft, Computer Associates, Bazooka, Webroot, Zone Labs, and pretty much
every other computer security vendor.
All markets have the potential to be distorted. And any sober review of any market will find most of these practices in place to one degree or another.History disagrees with you. So do a number of economists.
First of all, the unusual circumstances have occured in distorted markets.
Second, it took awhile for people to learn that these strategies almostSure, they didn't know the best way to cheat people at first. All solutions are better managed after trial and error. The problem with your argument is that there is corruption in the markets, or are you arguing that corruption is dead and all markets fix themselves? That would seem a bit assinine to me. I guess you'll just respond with "I never said that markets correct themselves..." :)
never work and to figure out precisely under what circumstances they do
work.
Correction: until it materially harms the user enough to address the issue. All decisions have a cost/benefit basis to them.It would harm them, yes, but they very well can get away with it.
Right, until it harms the users.
Because you're neglecting to consider important factors in the markets that are affected by this particular bug and, in fact, all CA root cert revocations on the part of browser producers and when I bring them up, you ignore them. Ignoring them makes it appear that you're being selective in your positions.
It's interesting how you cite market dynamics in your arguments, but
disregard them when they aren't favorable to your point.
How so?
Of course not - I can only speculate based on factors at work at the time. The same goes for yourself.
Or people set up that CA to a lower level of trust where they know the certificate has come from a CA they don't fully trust. Or maybe they download a list of certificates manually from that CA and don't trust unknown CAs without querying them with a third party. Or maybe, ...
You can't predict how the market will work.
Whoa whoa whoa. We're not talking about CAs creating a situation where things don't "just work". Not in the least.
There is a market in keeping users ignorant. So long as things "just work"
users can stay ignorant, and I assure you, if CAs create a situation that
doesn't "just work", someone else will work hard to come up with a solution
to keep things that way.
The average person doesn't have a choice. The MPAA is, effectively, a trust and a control for the movie industry. Looking through my own movie collection, I don't have many movies that aren't associated with the MPAA and I think I'd be hardpressed to find more than five.
There are millions of people out there who don't trust the MPAA or the
RIAA, for that matter. Not having the trust of the people hasn't
stopped them. Again, you've chosen a very poor example.
No, the issue (with the MPAA, I'm not sure how the RIAA got into this) is
not that people trust or don't trust them, the issue is that all they have
to sell is their trust. For the vast majority of people, trusting the MPAA
has never caused them a problem. So the alternatives to the MPAA only target
very specialized markets.
Yes, they have an interest in providing their services in the way that is economically feasible to achieve their best goals. Obviously, they don't want to see their customers harmed by their actions. However, it's a leap of faith to go from that to "they will provide the best service ever possible".
The market does not inherently protect people. Anyone who believes that
is reality impaired and doesn't have a very good understanding of
history nor economics.
That's not what I'm saying. I'm saying CAs have a huge interest in making sure their customers don't get harmed by their actions.