Verisign to run National RFID Directory 194
JamesD_UK writes "Verisign has been given the contract to develop a national RFID directory by EPCGlobal. Under the directory scheme each company will maintain an Object Name Service analogous to DNS with Verisign running the root server. Verisign has already setup the infrastructure at six different global sites."
Comment removed (Score:5, Funny)
Re:lol... (Score:5, Insightful)
Imagine entering a query to retrieve your car keys... the possibilities are endless.
Re: (Score:3, Funny)
Re:lol... (Score:2)
Except if you lost your car keys, how long do you think it would be before spammers manage to work their pages near the top with things like "Lost your car keys?!?! Buy a new car!!!!!!"
Re:lol... (Score:5, Insightful)
Or the criminals that check whether it's worth to rob out a bank or a store by using an RFID scanner that detects all banknotes and calculates how much money is in the cash register. "RFID tagging supports delinquency"?!
Re:lol... (Score:3, Interesting)
Better still, if it was really clever it could read the tags in their clothing too. So a bus-load of obese american tourists turns up, the rfid reader detects 40 US citizens with waist sizes of more than 80 inches and BOOM!!!!!!!!!!!!!!!!
Oh well, there goes my karma
HH
--
Re:lol... (Score:2)
Better still, if it was really clever it could read the tags in their clothing too. So a bus-load of obese american tourists turns up, the rfid reader detects 40 US citizens with waist sizes of more than 80 inches and BOOM!!!!!!!!!!!!!!!!
Not very likely that the RFID signal gets through the bus...
The recent Al Qaeda attempt to assasinate President Musharraf, current military dictator of Pakistan onetime Taleban/Al Qaeda aly used a radio controlled charge set to dest
Re:lol... (Score:3, Interesting)
Someone could even set us up the boom such that it only explodes when brought into proximity of a specific RIAA CD, or a specific Gilette razor. Highly targeted.
Re:lol... (Score:5, Funny)
Indeed, why restrict yourself to your own car keys?
Re:lol... (Score:4, Funny)
Re:lol... (Score:5, Funny)
Re:lol... (Score:2)
Re:lol... (Score:3, Funny)
Finally, an answer (and an end) to the joke... "Dude, where's my car?"
Re:lol... (Score:2, Funny)
And Google will soon provide us with Poogle.
Or maybe Stoogle
(St for Stalking)
And if you use one that does not exist... (Score:5, Funny)
What happens when it can't find an item? (Score:2)
Verisign & code signing (Score:5, Insightful)
The CryptoAPI mailing list was claiming that "verisign was running slow".
Anyhow, if its true, I don't trust Verisign for to provide infrastructure for squat.
Re:Verisign & code signing (Score:5, Informative)
Re:Verisign & code signing (Score:3, Informative)
Re:Verisign & code signing (Score:5, Informative)
Microsoft's certificate wasn't expired. The problem stems from the fact that Verisign sign third party certificates with a certificate which has an expiry date (for safety, to limit the effects in the unlikely event that the private key is stolen from the secure facility it is kept in). The Verisign certificate is not part of the server certificate (otherwise people could make their own "Verisign" certs), it is distributed with tools and browsers etc.
Now a few years ago, Verisign realised that one of their Root Certificates was about to reach the point where it would expire within the lifetime of the certificates they were issuing. The sensible thing to do would be to create a new Root Certificate, and start using that, but then everyone using existing browsers and other tools would need to install the new certificate to continue working smoothly. Instead, they decided to extend the expiry date of the existing certificate, and reissue it. This meant that existing tools could keep working for a while without installing new certificates, and as newer updates replaced them, the new certificates would filter through.
The problem with this approach is that people became complacent and it was just delaying the problem. Some certificate stores ended up with both new and old certificates, and bugs in software (some MS software from what I've heard) meant that the old certificate was still being used, the new one was ignored. Other software (Java) continued being released with the old certificate and noone noticed until about a month ago. And then there's all the installations of Netscape Enterprise Server, Netscape 4.7, even IE 4 and 5.0 that are still out there with old certificates.
Re:Verisign & code signing (Score:3, Informative)
Re:Verisign & code signing (Score:2)
Hey, Alright! (Score:3, Insightful)
Great... (Score:5, Funny)
Please remember me when I'm gone...
Re:Great... (Score:4, Funny)
Please remember me when I'm gone...
Don't worry... you're still in the Google cache, although you haven't been spidered since you were 11 years old.
Re:Great... (Score:2)
(I will give up DOS when they pry my cold dead computer from around it
In other news.... (Score:5, Funny)
Simply wear the provided tinfoil hat to nullroute this new service.
What is this ./ of which you speak? (Score:2)
and how do I become a member?
Renewal fees (Score:5, Insightful)
Rus
Re:Renewal fees (Score:2, Funny)
Who needs style when technology can do it for me!
Organisation or Disorganisation? (Score:2, Funny)
what about UPC? (Score:3, Insightful)
CueCat vs. EPC Directory? (Score:3, Interesting)
What are the similarities between CueCat and the EPC Directory project? It seems to me that the only difference is the scale of the implementation.
Is that accurate?
Re:CueCat vs. EPC Directory? (Score:2)
Re:CueCat vs. EPC Directory? (Score:4, Funny)
CueCat: Privacy-intrusive, shaped like a dildo so you could go fuck yourself with it, and run by a useless bloody looney who was first against the wall when the last tech revolution ended.
VeriSign: Privacy-intrusive, is useful only for telling you as a customer to go fuck yourself, and run by a load of useless bloody looneys who will be first against the wall when the next tech revolution starts.
So in answer to your question... really not much difference at all.
Q: How can you tell your sysadmin's got a Verisign rep on the phone?
A: You hear someone screaming "YOU STUPID FUCING COCKSUCKERS!" into a phone every ten seconds, from six cubicles away.
Re:CueCat vs. EPC Directory? (Score:2)
Yes, but now you can buy one on eBay for $5 and have a fully functional barcode scanner by using replacement drivers.
Too much control by one company? (Score:5, Insightful)
Re:Too much control by one company? (Score:2, Informative)
EPC is simply a reference for finding the producer of a given item - you pick up an RFID tag with the appropriate data, it refers you to Gillette, where you can use more specific information to find that it's a case of Mach 3 razor blades, shipped from such-and-such warehouse on such-and-such date. What exactly are you afraid of???
It disappoints me to see how many supposedly tech-savvy readers around here react with such fear.
Re:Too much control by one company? (Score:3, Interesting)
They don't do their current jobs very well, why keep giving them new national-scale or global-scale jobs?
Hes afraid of encrochment (Score:2)
Choice of Verisign is very misguided (Score:4, Insightful)
Not only do they lack the technical competence to do it properly and flexibly, but they also lack the professional integrity to be doing this work. It is a company that rejoices in its commercially-led myopia, at every opportunity making the "wrong" decisions on the basis of perceived market benefits to itself alone.
This is going to end in tears.
Re:Choice of Verisign is very misguided (Score:5, Insightful)
Re:Choice of Verisign is very misguided (Score:2)
Re:Choice of Verisign is very misguided (Score:4, Insightful)
Because savvy people avoid the temptation of higher places. They're happy coding, studying, exploring, inventing, and recognize that getting involved would mean sacrificing much, if not all, of that. There are some "savvy" individuals who feel driven enough to put aside personal pleasures and take up a cause, but often they feel that in the end, it's not worth it. Let the idiots who crave power, fame, wealth or whatever waste their lives in petty politics and schemes. The savvy are often savvy enough to just not play those games.
That's not to say it's morally right or wrong to get involved. It's a choice about how one wishes to live life and contribute. But you'll often know a good leader by the one who turns down the offer. I'm in an organization right now in which the current leader is stepping down and finding a new one is hard. Everyone who is truly qualified doesn't really want the responsibility or trouble. A savvy individual who is willing to play the game of "higher places" is rare indeed.
Re:Choice of Verisign is very misguided (Score:2)
Re:Choice of Verisign is very misguided (Score:2)
If you mean "tech savvy" (which I assume you are, we are bitching about techology), then it effectively negates your original thought of making it big in business. (Yes, there are the VERY FEW, play along.)
Those that are "tech savvy" are usually not "business savvy" (go ahead, one person, reply and say "but I am both"). Those who are "tech savvy" got that way from tinkering/trying and/or building/destroying. You get business savvy by sitting in me
Re:Choice of Verisign is very misguided (Score:2)
Great... (Score:2, Interesting)
I can't think of anyone I'd trust more...
</sarcasm>
Seriously, it's a wonder anyone trusts them with anything anymore, especially with the way they've abused their position as DNS registrar and TLD maintainer. I certainly don't. They'll have to do a complete 180 for an extended period of time (many years) to ever get my business again.
Re:Great... (Score:2)
Haliburton?
The CIA?
Trust ? (Score:3)
Thats nice. (Score:5, Insightful)
I can think of plenty of private uses of RFID which I would not want Verisign to be involved in, in the slightest.
Re:Thats nice. (Score:2)
Re:Thats nice. (Score:2)
You just keep that to yourself. Nobody wants anything to do with your pleeasure-seeking shaved cyborg gerbils.
Re:Thats nice. (Score:4, Interesting)
Think of it this way, if you were in the FBI, advising the White House about upcoming threats to domestic security, what would you say about a growing global network of computers that it's pretty clear all business will rely on within the next 100 years? Would you advise that the government find a way to have a controling hand close to the heart of such a beast? Would you allow the military to give up control of such a thing whithout maintaining some sort of back-door power?
It's not so much about conspiracy, as about the way you manage resources. Verisign has either been involved in or bought the companies involved in the technologies most likely to scare the government (PGP, DNS, RFID, being a CA). This combination of interests and amazingly lucrative and monopolistic contract awards is fairly damning.
To jump back to topic, adding in RFID means that whoever has access to Verisign now has access to a giant database of what amount to tracer bugs planted (soon) in most of the items that you buy. Just think of the harm caused by the most obvious uses....
I really think that a national database of RFIDs should not be allowed. We should have a national allocation scheme like we do with Ethernet cards, based on industry standardization, but NEVER a database of final numbers.
Re:Thats nice. (Score:2)
As for cards, why bother with SS cards? You can do simple trend analysis and nail down who someone is based on 5 or 6 RFIDs on their person. For e
Uh-Oh (Score:2)
Verisign and RFID (Score:5, Funny)
ASN.1 vulnerabilities? (Score:3, Insightful)
Also, since ASN. is very non-trivial to program, it will be interesting to see how many programmers will be able to use this succesfully... i am referring to the ASP.NET generation
Re:ASN.1 vulnerabilities? (Score:2, Informative)
Verisign is not so bad (Score:3, Funny)
Surprised? (Score:4, Insightful)
</conspiracy theories>
Re:Surprised? (Score:2)
As long as personal data continues to be a commodity, profit will go over privacy.
As much as I hate VeriSign... (Score:5, Informative)
Re:As much as I hate VeriSign... (Score:2)
If you want to use Verisign instead of one of the alternates to register and manage your RFID domain then I'll be offering no sympathy if the le
Re:As much as I hate VeriSign... (Score:2, Insightful)
Nothing really since they are only the second company to be allowed the oppertunity.
As you stated, they do have a history of being abusive. Honesty and morality are the essential issues when selecting a company to maintain something as big and as controversial as this RFID database.
There are MANY companies who manage to maintain systems more complex than top level DNS and certs... Many of those companies do not have Verisigns abusive track record...
Re:As much as I hate VeriSign... (Score:2)
ObjectID spoofing, here we come! (Score:5, Insightful)
Re:ObjectID spoofing, here we come! (Score:2)
Well crap (Score:2)
Re:Well crap (Score:2)
Free Groceries (Score:3, Interesting)
So let me get this straight... (Score:5, Insightful)
Okay, I got it.
I understand the future: no company will be entrusted with sensitive, and potentially vital security work unless they combine incompetence with malfeasance.
Lovely...
Re:So let me get this straight... (Score:2)
I think the guvmint gave verisgn domain registration, and a consortium named epcglobal gave them everything else..
Re:So let me get this straight... (Score:3, Insightful)
"Hello, the tag you scanned does not exist, but we supplied the info of some other product..."
VeriSign would be the last company I would give this mandate to. Only choosing them on hardware terms is plain stupid...
New Verisign Ad Slogan (Score:4, Funny)
RFID based Advertisement (Score:3, Insightful)
Think of the possibilities!!!!
In short, the data that we carry with us via RFID will precede our every action in society.
Imagine having BLOGS based on RFID's. "I dated a guy named Joe with an RFID tag of XYZ and he's a real loser/winner".
Makes Minority Report and Gattica seem pretty likely in our lifetimes.
If I microwave my clothes, will it destroy the RFID's???
Credit for This Idea (Score:2, Interesting)
I remember reading 1984 in 1983 and thinking, "Well, thank God that could never happen." I don't think it's funny anymore. Somebody stop the madness.
tims
Re:Credit for This Idea (Score:4, Funny)
Too Early? (Score:2)
Nicaraguan terrorists were our friends as were El Salvadorian dictators. We had yet to begin, fully, the "War On Drugs" (sent up as a distraction to "Oh, Ollie North *did* siphon drugs to pay to fund the Contras explicitly against Congressional Mandate" and "you have no hard proof that as a candidate tha
EPC lookups for what? (Score:2)
Re:EPC lookups for what? (Score:3, Interesting)
You do have a great point about tag activation...I m
Write to EPC, my letter is here: (Score:5, Insightful)
My letter is below:
(hpoe my facts are mostly accurate)
Good morning Mr. Grasso -
I am writing this morning to express my extreme dismay at the selection of VeriSign to run this RFID registry. As a professional in the technology field, I have dealt with VeriSign on many occasions, and have decided that I never will again, if at all possible. VeriSign has a history of putting the company first before all else, including privacy, not a great attribute for someone who will organize a system to track millions of things and people.
VeriSign has engaged in deceptive business practices, for example the "fake" invoices they sent out to clients of competing registrars, giving the false impression that the client had to pay VeriSign in order to renew their domain (VeriSign lost many lawsuits over this deceptive practice, and the FTC even got involved).
VeriSign most recently used the monopoly position on maintaining the
In all these cases, VeriSign acted greedily to further the company's aims over what's good for the people who must use the services that VeriSign administers. Their track record of deception and the world-renowned sluggishness with which their company operates should be a red flag for anyone who understands the types of technology involved and the effects that VeriSign's moves has had on the Internet.
Please consider some additional viewpoints. There is a website known as SlashDot, located at http://slashdot.org, which has one of the largest user bases of any web site. Most of the users are tech workers, and the discussions on SlashDot are some of the most intelligent discussions I have ever read. A discussion on your organization's decision is in progress right now. Please read it at http://slashdot.org/article.pl?sid=04/01/13/12572
And please pass along to your management the unhappiness this move has brought to the vast majority of the people who actually understand what your technology does, what it is capable of, and the ways it can be abused.
Thank you for your time.
Re:Write to EPC, my letter is here: (Score:3, Insightful)
Re:Write to EPC, my letter is here: (Score:3, Funny)
You really must start reading more.
Re:Write to EPC, my letter is here: (Score:2)
In other news... (Score:3, Funny)
WoW, its incredible to find... (Score:2, Informative)
The end of freedom? (Score:2)
The right to privacy is inferred rather than explicit in the U.S. Constitution. For this to be ruled illegal, you'd have to convince a judge that a commercial RFID tag represents a law enforcement searc
11 Weeks, 2 Days Early (Score:2, Funny)
I wake up, check my e-mail, and pop the lid on my RSS feeds, and what do I see?
My first thought is, "Nice April 1 joke! Hah, hah, hah. Very fucking funny." But then I check my calendar.
Oh shit.
My worst fear has come to life (Score:4, Funny)
After browsing around for a few minutes, I walk out the doors without purchasing anything.
BOOM! Two sets of doors slam open, and out comes ItemFinder "Service" Bot ! Scooting towards me at nearly 35mph, knocking me down with his huge spiked arms.
[IFBot] I AM SORRY THAT YOU WERE UNABLE TO FIND THE ITEM YOU WERE SEEKING!!!
*** IFBot picks me up and throws me back into the store
[IFBot] PERHAPS THESE ITEMS ARE WHAT YOU WERE LOOKING FOR!!!
How EPC works (Score:3, Insightful)
2) EPC is 96 bits: Header, company, product, serial #
4) Extract "company" bits (exact length set by header flags). Make a lookup call to root ONS server. It will return IP address of "company"'s ONS server.
5) Extract "product" and "serial", call company's server for information on that instance of that product
Note that steps 4-6 are likely to be buried off in a single API call that accepts the whole EPC as an argument... and that (local) caching likely means that step 4 is often skipped. Caching can also help step 5, mostly when were only interested in product and not serial... but I digress from the point.
Further note that Verisign is only involved at "Company bits -> IP address of company's ONS" in step 4. No other involvment from Versign... so lots of scenarios suggsted above are just BS. Verisign either answers the query; or not.
If they attempt to "squat" like they did on unused domains, they can only do so on unused COMPANY codes (more like TLDs than unused domains)... and why would a real world RFID tag ever have an unused company code?
As for perverting any deeper information about that product or that instance... they are not involved in those calls... no can do.
Jan
The UCC (Score:2)
The UCC is the organization that hands out UPC barcodes.
Verisign to spin off NSI? (Score:3, Interesting)
Imagine... (Score:3, Funny)
This Is Good News for Privacy! (Score:2)
Wait until the first paying customer looks up their office supply product, and Verisign's database returns "Adult Sexual Aid"
Why do we need an EPC? (Score:3, Interesting)
Why not simply adapt the UNSPSC codes to work with RFID technologies? UNSPSC codes are already used around the world for working with material goods. In addition, all of the world's ERP systems including the market leading SAP R/3 support UNSPSC codes. So, instead of receiving a UNSPSC code through a Purchase Order, Invoice, or Purchase Requisition, the software would receive the RFID transmission of its UNSPSC code.
Wouldn't it be possible for companies to buy their own custom coded or blank RFID tags anyway? Who says you would have to subscribe to this format in the first place? Already there are competing standards on how e-commerce should be used. We have ebXML, cXML, and cbML. Sure it would be better if there was a single standard, but there isn't a way to force businesses to use such a standard. Why would RFID and EPC be any different?
Finally, if I use SAP (for example) why would I need my RFID tags or any software to communicate with Verisign? Why wouldn't I want my R/3 system to be "the system of record" as it is for my accounting?
People Never Learn (Score:2)
I smell a market... (Score:2)
The don't claim 'non-bias' (Score:2)
The BBC's Coat of Arms bears the slogan
NATION SHALL SPEAK PEACE UNTO NATION.
Which is perfectly in line with their decision to suspend (and hopefully fire) Kilroy-Silk.
Re:It's not "political correctness" (Score:2)
I couldn't find the full text, I had to trust a third party.
fuck him anyway, he's a wanker even if he didn't say it