Comodo has now become the No 1 company in the High Assurance Certificate Market worldwide.
There are two main markets in the SSL business.
Organisationally validated and Non Validated Certificates.
Verisign as a Verisign brand purely sells Validated Certificates. No other company was able to challange Verisign in the Validated Certificates market. Not Thawte, Not Geotrust and certainly not Godaddy. These companies offer cheap certificates that are not validated, hence able to gain market share quickly, but never really threaten Verisign’s core business. .
Enter Comodo….
Comodo has now taken over from Verisign as the No 1 provider of High Assurance Certificate Provider. Not only has Comodo claimed the No 1 position, but Comodo beat Verisign in their own game of “Brand Awareness”. Just look at Google Trend to see who has a more sought after brand according to Google . Remember the days of Verisign saying you should buy from them because they have brand awareness…..well gone those days….now there is Comodo………its not Verisign or Comodo proclaiming they are the bigger brand…but a third party….Google…
So Comodo has more sought after brand and is No 1 provider of High Assurance Certificates.
Of course its been hard work with dedication of around 700 Comodo employees to make it all happen…..
but wait…..
The work of “Creating Trust Online” has just began……
Melih
Verisign has now removed the “Revoke” button while still publicly denying there was ever a vulnerability.
As can be seen in the pdf attached in the post made in our Comodo forums, the Revoke button that existed previously, has been removed.
Unfortunately, there are no winners here. Verisign loses, and Comodo loses. The way that Verisign handled the whole affair is irresponsible and damaging to the industry in my opinion. I hope they can learn from this.
The whole thing could have been avoided, if they simply acknowledged that there was an issue when we reported and did something to fix it.
So far we know that after we went public:
Verisign has changed their server settings so that Google doesn’t index these security pages
Verisign has removed the “revoke” button from these security pages
Verisign has asked Google to delete these entries from their database.
Every single one of these actions could have been done when we contacted Verisign early last week and the whole fiasco could have been avoided. They forced Comodo to go public before they reacted to the vulnerabilities reported.
All these are positive moves in the right direction, although a bit late and unnecessarily public and after they claimed there was no issue, which makes them look not so with it. However, the most important factor is their customers, some of which are major banks. We do not know if they contacted their customers and ask them to verify if there was any breach or not in their security or if that resulted in any Compliancy breach. I believe they should inform their customers who used this service so that they can check to see if there was a breach or not.
Verisign: Trying to keep things quite is NOT the way to deal with these kind of situations.. You are NOT an ostrich..do not bury your head in the sand for god sake!!!
We compete at business level, but we share the same industry! It is NOT in anyone’s interest for anyone in the industry to get a bad name. Stop acting irressponsibly and start working with your Industry Partners!
After all said and done, Verisign is a respectable company and their Authentication division is in good hands with Symantec. I just hope they learn from this experience for the sake of the authentication industry.
Melih