Nicely handled, Thawte!

Monday, June 16th, 2008

I was delighted to see Thawte’s elegant handling of the recent OpenSSL random number generator flaw in Debian, Ubuntu and other Debian derivatives. They offered a free replacement for anyone who was affected. Years ago, when Thawte was set up, we put a lot of effort into doing things in a way which made sense for users of ApacheSSL and similar, open-source based secure servers. I’ve not kept up with the changes at the company since it became part of VeriSign in 2000, but it’s great to see that the brand has been preserved, and that, more importantly, some of its key values have, too.

10 comments:

  1. Stefan Potyra says: (permalink)
    June 16th, 2008 at 10:39 pm

    hm… this may be fake advertising I’m doing right now, but due to a heise newspost (which I can’t recall right now), German cert providers actually informed customers of weak keys, rather than just offering free replacement.. Or did Thawte also inform customers? *shrug*.

  2. Nathan Haines says: (permalink)
    June 17th, 2008 at 5:48 am

    Wow, I’m really impressed.

    It’s really nice to know that some companies go the extra mile for their customers.

  3. Joachim Kluge says: (permalink)
    June 17th, 2008 at 6:09 am

    “Alle von c’t befragten CAs erklärten, man könne bei ihnen schwache Zertifikate kostenlos widerrufen und durch neue ersetzen lassen.”
    –> All questioned CAs responded that they will revoke and replace certificates for free.
    (http://www.heise.de/newsticker/Viele-schwache-Web-Server-Zertifikate-gefaehrden-Online-Shopping–/meldung/109196/)

    So it sounds a little like advertising for Thawte ;)

    Mark Shuttleworth says:
    Ah, I wasn’t aware that it was a common practice. I was simply proud of the way they handled it, regardless of what others were doing. I’m no longer related to, invested in or involved with any CAs, though it was a great business and a fun way to meet a lot of start-up entrepreneurs at the time :-)

  4. Mel says: (permalink)
    June 17th, 2008 at 6:50 am

    Thawte also informed customers, yes. As far as I know they sent out mails to anyone who had said that they were using Apache or “other” software at the time of purchase.

  5. Gideon says: (permalink)
    June 17th, 2008 at 10:12 am

    It’s interesting that the problem received a huge amount of coverage, and the solution got so little – this is the only post I’ve seen on it.

  6. naught101 says: (permalink)
    June 18th, 2008 at 12:24 pm

    “it’s great to see that the brand has been preserved”

    Uh, why, exactly? Isn’t a “brand” basically an advertising gimmick to convince gullible customers that your product is better than your objectively comparable competitor’s product?

    Mark Shuttleworth says: No, a brand is a set of values that you stick to, and which people can expect from you. You have a brand whether you like it or not. Your blog, for example, is a very clear statement of your values – it’s your brand – and it will define what people expect from you when they interact with you.

  7. naught101 says: (permalink)
    June 21st, 2008 at 10:04 am

    Mark: That definition is pretty unique. At best, when speaking of values, a brand is an image put forth of the values of the group behind the brand – regardless of whether that image is an accurate picture of the real values the group holds.

    Don’t get me wrong, I don’t have anything against Thawte – I’m glad you were involved, else Ubuntu wouldn’t be so well resourced. I just think that in general, capitalists, such as yourself, tend to blind themselves to certain realities – the most basic one that competing and being better than your competitors is a good thing. Open source has shown, and is showing, that this just isn’t the case – co-operation is far superior, when you can convince yourself to forgive your counterparts their failings.

  8. evanc says: (permalink)
    June 23rd, 2008 at 8:12 pm

    Naught101, I sympathize with your “competing/brand” views but when you develop them completely and apply them to the broader picture, you might realize that being against “competing” is being against evolution.

    So that’s there to start with, the universe is dynamic – the fit things survive, that we can not stop. What we can affect is the definition of “fit” and the winning criteria. Our brands/values/images, in a way (as superficial as they might be, they are a good base to start with) are the conditions commonly defined and redefined of what is “fit”, and therefore good for society/humanity.

    And co-operation is certainly not opposed to competing/evolution nor should be impaired by it. But in fact, in order to cooperate we need to be competing to achieve something (with what is currently existent or non existent). It is the area where we can do something and choose in WHICH DIRECTION THE COMPETITION IS GOING. Thawte or Ubuntu are good for the long term of humanity and hopefully consumers choose them as “fitter” than non-open source and less consumer concerned brands. And there is your not so evil competition with socially good (or better) winners.

  9. spillz says: (permalink)
    June 24th, 2008 at 2:26 pm

    “I just think that in general, capitalists, such as yourself, tend to blind themselves to certain realities – the most basic one that competing and being better than your competitors is a good thing. Open source has shown, and is showing, that this just isn’t the case – co-operation is far superior, when you can convince yourself to forgive your counterparts their failings.”

    nonsense. successful capitalism and successful open source combine both competition (generally across companies/projects) and cooperation (generally inside companies/projects). without competition you have cooperative mediocrity. do you view forks and competing libs/apps/frameworks as a bad thing?

  10. Blog de Bernard Opic » Archives du Blog » Bien joué, Thawte ! says: (permalink)
    August 14th, 2008 at 9:16 am

    [...] in French of the article “Nicely handled, Thawte!”. Author: Mark Shuttleworth – Translator: Bernard [...]