Geocert and Comodo: SSL wars

Has anyone else noticed this going on? Are my assessments with regards to ubiquity claims correct?

cb
--


To: whichssl@comodogroup.com
Subject: SSL wars
Cc: XxxxxX@FreeSSL.com, press@google.com

Dear persons,

As an existing InstantSSL (i.e. Comodo) customer I'm very disappointed to read the comments you have posted on YOUR (see http://whichssl.com/about-which-ssl.html) whichssl.com site regarding the certification provider GeoCert / FreeSSL (http://whichssl.com/unethical_practice.html).

You've used statistics from Google's Zeitgeist to claim that GeoCert's SSL technology does not support 20% of Internet users, yet you've based this on a figure referring to IE 5.x browsers. This claim is totally misleading for the following reasons:

- GeoCert supports every MS browser from IE 5.1 and beyond;
- IE 5.0 is a small fraction of IE 5.x browsers currently in use (according to the Google graph, about 50%, but presumably that includes IE 5.1); and,
- IE 5.0 is so dysfunctional and insecure that I wouldn't want those users ordering through my secure site anyway. I would rather they use Netscape 4.
- I might also point out that the graph has no indices.
- There is also no discussion of Macintosh variations.
- Other statistical sources clearly give IE 5.x as a whole 20% of browser share.

On top of that you're accusing them of spamming Comodo customers with predatory offers to steal their business away from you. This would (almost by definition) imply that they obtained some sort of list of Comodo customer email addresses (is there an SSL whois database to be exploited, I wonder?), otherwise they could not have sent "bulk mail" to a list of those target customers. Where would they have got this from?

I would suggest that that list doesn't even exist outside the offices of Comodo. I was contacted via email by FreeSSL, initially indirectly I might add (i.e. a forwarded email from one of my colleagues), then they followed the email up with an actual phone call - from the U.K., to Australia, at the correct time of MY morning. They stayed up until midnight to call me, whereas normally it would be me up at 3am trying to resolve issues regarding REAL spammers in the U.S.

Some of the allegations you've made are clearly unsubstantiated, and after my experience with GeoCert salespeople over the phone, my careful research of this particular slanging match, the very competitive package they're offering me and the unusually long 24+ hours it took you to issue my last SSL certificate, I'm seriously leaning to the other side. Until now I've been very happy with InstantSSL - the free one month trial cert is a very useful sales tool - but after all, wasn't it not so long ago that whichssl.com popped up to argue about many of these same issues with regards to Thawte and Verisign?

If I were either Google or GeoCert I would be considering legal action with regards to some of your claims.

Correct me if I'm wrong.

Chris Bell
Blue Sky Host.com
--

P.S. And at the end of the day, why am I paying you guys anyway? All you're doing is signing my certificate with yours!

 

 

 

 

Top