Verisign to run National RFID Directory 194
JamesD_UK writes "Verisign has been given the contract to develop a national RFID directory by EPCGlobal. Under the directory scheme each company will maintain an Object Name Service analogous to DNS with Verisign running the root server. Verisign has already setup the infrastructure at six different global sites."
Verisign & code signing (Score:5, Insightful)
The CryptoAPI mailing list was claiming that "verisign was running slow".
Anyhow, if its true, I don't trust Verisign for to provide infrastructure for squat.
Hey, Alright! (Score:3, Insightful)
Re:lol... (Score:5, Insightful)
Imagine entering a query to retrieve your car keys... the possibilities are endless.
Renewal fees (Score:5, Insightful)
Rus
Re:lol... (Score:5, Insightful)
Or the criminals that check whether it's worth to rob out a bank or a store by using an RFID scanner that detects all banknotes and calculates how much money is in the cash register. "RFID tagging supports delinquency"?!
what about UPC? (Score:3, Insightful)
Too much control by one company? (Score:5, Insightful)
Choice of Verisign is very misguided (Score:4, Insightful)
Not only do they lack the technical competence to do it properly and flexibly, but they also lack the professional integrity to be doing this work. It is a company that rejoices in its commercially-led myopia, at every opportunity making the "wrong" decisions on the basis of perceived market benefits to itself alone.
This is going to end in tears.
Thats nice. (Score:5, Insightful)
I can think of plenty of private uses of RFID which I would not want Verisign to be involved in, in the slightest.
ASN.1 vulnerabilities? (Score:3, Insightful)
Also, since ASN. is very non-trivial to program, it will be interesting to see how many programmers will be able to use this succesfully... i am referring to the ASP.NET generation
Re:Choice of Verisign is very misguided (Score:5, Insightful)
Surprised? (Score:4, Insightful)
</conspiracy theories>
ObjectID spoofing, here we come! (Score:5, Insightful)
So let me get this straight... (Score:5, Insightful)
Okay, I got it.
I understand the future: no company will be entrusted with sensitive, and potentially vital security work unless they combine incompetence with malfeasance.
Lovely...
Re:As much as I hate VeriSign... (Score:2, Insightful)
Nothing really since they are only the second company to be allowed the oppertunity.
As you stated, they do have a history of being abusive. Honesty and morality are the essential issues when selecting a company to maintain something as big and as controversial as this RFID database.
There are MANY companies who manage to maintain systems more complex than top level DNS and certs... Many of those companies do not have Verisigns abusive track record...
Re:So let me get this straight... (Score:3, Insightful)
"Hello, the tag you scanned does not exist, but we supplied the info of some other product..."
VeriSign would be the last company I would give this mandate to. Only choosing them on hardware terms is plain stupid...
RFID based Advertisement (Score:3, Insightful)
Think of the possibilities!!!!
In short, the data that we carry with us via RFID will precede our every action in society.
Imagine having BLOGS based on RFID's. "I dated a guy named Joe with an RFID tag of XYZ and he's a real loser/winner".
Makes Minority Report and Gattica seem pretty likely in our lifetimes.
If I microwave my clothes, will it destroy the RFID's???
Write to EPC, my letter is here: (Score:5, Insightful)
My letter is below:
(hpoe my facts are mostly accurate)
Good morning Mr. Grasso -
I am writing this morning to express my extreme dismay at the selection of VeriSign to run this RFID registry. As a professional in the technology field, I have dealt with VeriSign on many occasions, and have decided that I never will again, if at all possible. VeriSign has a history of putting the company first before all else, including privacy, not a great attribute for someone who will organize a system to track millions of things and people.
VeriSign has engaged in deceptive business practices, for example the "fake" invoices they sent out to clients of competing registrars, giving the false impression that the client had to pay VeriSign in order to renew their domain (VeriSign lost many lawsuits over this deceptive practice, and the FTC even got involved).
VeriSign most recently used the monopoly position on maintaining the
In all these cases, VeriSign acted greedily to further the company's aims over what's good for the people who must use the services that VeriSign administers. Their track record of deception and the world-renowned sluggishness with which their company operates should be a red flag for anyone who understands the types of technology involved and the effects that VeriSign's moves has had on the Internet.
Please consider some additional viewpoints. There is a website known as SlashDot, located at http://slashdot.org, which has one of the largest user bases of any web site. Most of the users are tech workers, and the discussions on SlashDot are some of the most intelligent discussions I have ever read. A discussion on your organization's decision is in progress right now. Please read it at http://slashdot.org/article.pl?sid=04/01/13/12572
And please pass along to your management the unhappiness this move has brought to the vast majority of the people who actually understand what your technology does, what it is capable of, and the ways it can be abused.
Thank you for your time.
Re:Choice of Verisign is very misguided (Score:4, Insightful)
Because savvy people avoid the temptation of higher places. They're happy coding, studying, exploring, inventing, and recognize that getting involved would mean sacrificing much, if not all, of that. There are some "savvy" individuals who feel driven enough to put aside personal pleasures and take up a cause, but often they feel that in the end, it's not worth it. Let the idiots who crave power, fame, wealth or whatever waste their lives in petty politics and schemes. The savvy are often savvy enough to just not play those games.
That's not to say it's morally right or wrong to get involved. It's a choice about how one wishes to live life and contribute. But you'll often know a good leader by the one who turns down the offer. I'm in an organization right now in which the current leader is stepping down and finding a new one is hard. Everyone who is truly qualified doesn't really want the responsibility or trouble. A savvy individual who is willing to play the game of "higher places" is rare indeed.
Re:Write to EPC, my letter is here: (Score:3, Insightful)
How EPC works (Score:3, Insightful)
2) EPC is 96 bits: Header, company, product, serial #
4) Extract "company" bits (exact length set by header flags). Make a lookup call to root ONS server. It will return IP address of "company"'s ONS server.
5) Extract "product" and "serial", call company's server for information on that instance of that product
Note that steps 4-6 are likely to be buried off in a single API call that accepts the whole EPC as an argument... and that (local) caching likely means that step 4 is often skipped. Caching can also help step 5, mostly when were only interested in product and not serial... but I digress from the point.
Further note that Verisign is only involved at "Company bits -> IP address of company's ONS" in step 4. No other involvment from Versign... so lots of scenarios suggsted above are just BS. Verisign either answers the query; or not.
If they attempt to "squat" like they did on unused domains, they can only do so on unused COMPANY codes (more like TLDs than unused domains)... and why would a real world RFID tag ever have an unused company code?
As for perverting any deeper information about that product or that instance... they are not involved in those calls... no can do.
Jan