Verisign to run National RFID Directory 194
JamesD_UK writes "Verisign has been given the contract to develop a national RFID directory by EPCGlobal. Under the directory scheme each company will maintain an Object Name Service analogous to DNS with Verisign running the root server. Verisign has already setup the infrastructure at six different global sites."
Re:Verisign & code signing (Score:5, Informative)
Re:Verisign & code signing (Score:3, Informative)
As much as I hate VeriSign... (Score:5, Informative)
Re:Verisign & code signing (Score:5, Informative)
Microsoft's certificate wasn't expired. The problem stems from the fact that Verisign sign third party certificates with a certificate which has an expiry date (for safety, to limit the effects in the unlikely event that the private key is stolen from the secure facility it is kept in). The Verisign certificate is not part of the server certificate (otherwise people could make their own "Verisign" certs), it is distributed with tools and browsers etc.
Now a few years ago, Verisign realised that one of their Root Certificates was about to reach the point where it would expire within the lifetime of the certificates they were issuing. The sensible thing to do would be to create a new Root Certificate, and start using that, but then everyone using existing browsers and other tools would need to install the new certificate to continue working smoothly. Instead, they decided to extend the expiry date of the existing certificate, and reissue it. This meant that existing tools could keep working for a while without installing new certificates, and as newer updates replaced them, the new certificates would filter through.
The problem with this approach is that people became complacent and it was just delaying the problem. Some certificate stores ended up with both new and old certificates, and bugs in software (some MS software from what I've heard) meant that the old certificate was still being used, the new one was ignored. Other software (Java) continued being released with the old certificate and noone noticed until about a month ago. And then there's all the installations of Netscape Enterprise Server, Netscape 4.7, even IE 4 and 5.0 that are still out there with old certificates.
Re:Too much control by one company? (Score:2, Informative)
EPC is simply a reference for finding the producer of a given item - you pick up an RFID tag with the appropriate data, it refers you to Gillette, where you can use more specific information to find that it's a case of Mach 3 razor blades, shipped from such-and-such warehouse on such-and-such date. What exactly are you afraid of???
It disappoints me to see how many supposedly tech-savvy readers around here react with such fear...
WoW, its incredible to find... (Score:2, Informative)
who makes these decisions? (Score:1, Informative)
Re:ASN.1 vulnerabilities? (Score:2, Informative)
Re:Verisign & code signing (Score:3, Informative)