Slashdot Mirror
Verisign to run National RFID Directory
JamesD_UK writes "Verisign has been given the contract to develop a national RFID directory by EPCGlobal. Under the directory scheme each company will maintain an Object Name Service analogous to DNS with Verisign running the root server. Verisign has already setup the infrastructure at six different global sites."
Did anyone else run into trouble with Verisign using Microsoft's code signing last week? A bunch of Verisign's certs expired, which shouldn't have mattered if you were using the API correctly, but WinVerifyTrust() was blocking for minutes at a time. (I'm not sure why the certs belong to Verisign and not MS)
The CryptoAPI mailing list was claiming that "verisign was running slow".
Anyhow, if its true, I don't trust Verisign for to provide infrastructure for squat.
So, when you need to change something, or fix an error with your registered RFID tag, you can attempt to make the change via their web interface, then wait a week and a day, or you can call in and fax in the form and have someone never get anything done with it, too?? Then, right in the middle of it all, they'll switch out how things are done and you'll have to conform to their backward standards..
= Grow a brain...
Heh, that means we'll soon get all-kinds-of-stuff.google.com ;-)
Imagine entering a query to retrieve your car keys... the possibilities are endless.
superblog.org: all your favourite blogs on o
Just wait until the implement wildcard RFID als site seeker and start charging $70 a year to renew a tag. It wouldn't surprise me a bit
Rus
CPanel + Root from $35/mo - 10% off with discount code SLASHDOT
Yes, the possibilities are indeed endless. I'm wondering when the terrorists will catch up and build booby traps that only explodes when the RFID scanner attached to the booby trap detects an e.g. US-american citizen nearby (which wouldn't be too difficult to build, since the passports will have RFID tags, too). "RFID tagging supports terrorism"?!
Or the criminals that check whether it's worth to rob out a bank or a store by using an RFID scanner that detects all banknotes and calculates how much money is in the cash register. "RFID tagging supports delinquency"?!
A monkey is doing the real work for me.
Found it very odd that they didn't mention UPC even once in the article. Wouldn't it make sense to have support for UPC while EPC is phased in over time?
Having a bookmark to Google does not make you an expert on everything.
Mabbe it's juz me....but I am extremely uncomfortable of them running both the RFID database, and the DNS database. Too much control by one company.....I would prefer it's runned by a non-profit org. But I don't really like the idea of RFID in the first place.
For at least two reasons, choosing Verisign for this project is as bad a choice as picking SCO to safeguard free/open-source software -- a direct analogy, not just because SCO is flavor of the month.
Not only do they lack the technical competence to do it properly and flexibly, but they also lack the professional integrity to be doing this work. It is a company that rejoices in its commercially-led myopia, at every opportunity making the "wrong" decisions on the basis of perceived market benefits to itself alone.
This is going to end in tears.
But we should have an open, public, maintainable database which is -not- under the exclusive domain of Verisign for these things.
I can think of plenty of private uses of RFID which I would not want Verisign to be involved in, in the slightest.
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
Given the fact that this sounds like a directory in X.500 or LDAP format, which are both extremely vulnerable to ASN.1 vulnerabilities, hackers will have a field day exploiting this directory.
:-)
Also, since ASN. is very non-trivial to program, it will be interesting to see how many programmers will be able to use this succesfully... i am referring to the ASP.NET generation
Is anyone actually surprised by this? I was just as shocked when Oracle's Larry Ellison said that he would help set up the National I.D. card database. These companies are just profiting from stealing away what little chunks of our privacy we have left, after congress and the government have taken their share. I guess that in this economy they will do anything to survive. Sad.
</conspiracy theories>
I hate sigs.
Just think what fun you could have with cache poisoning.
The company that thought trying to swindle *everyone* who didn't know the market price of domain registration by sending out pseudo-bills is the company that the Gov'mint thinks is worthy of keeping tabs on, well, on everything?
Okay, I got it.
I understand the future: no company will be entrusted with sensitive, and potentially vital security work unless they combine incompetence with malfeasance.
Lovely...
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
Which means...
Nothing really since they are only the second company to be allowed the oppertunity.
As you stated, they do have a history of being abusive. Honesty and morality are the essential issues when selecting a company to maintain something as big and as controversial as this RFID database.
There are MANY companies who manage to maintain systems more complex than top level DNS and certs... Many of those companies do not have Verisigns abusive track record...
Think of the possibilities!!!!
In short, the data that we carry with us via RFID will precede our every action in society.
Imagine having BLOGS based on RFID's. "I dated a guy named Joe with an RFID tag of XYZ and he's a real loser/winner".
Makes Minority Report and Gattica seem pretty likely in our lifetimes.
If I microwave my clothes, will it destroy the RFID's???
Please write to Jack Grasso, Director of Public Relations, at mailto:jgrasso@uc-council.org.
.COM and .NET "Top-Level Domains" to bring web surfers that made a typo in a URL to a VeriSign-owned search engine, which sold advertising to other companies and promoted specific search results based upon their paid advertisers. In the process, the technological changes they made to do this caused the malfunction of millions of programs, primarily many anti-SPAM utilities.
1 2&mode=thread&tid=158&tid=99
My letter is below:
(hpoe my facts are mostly accurate)
Good morning Mr. Grasso -
I am writing this morning to express my extreme dismay at the selection of VeriSign to run this RFID registry. As a professional in the technology field, I have dealt with VeriSign on many occasions, and have decided that I never will again, if at all possible. VeriSign has a history of putting the company first before all else, including privacy, not a great attribute for someone who will organize a system to track millions of things and people.
VeriSign has engaged in deceptive business practices, for example the "fake" invoices they sent out to clients of competing registrars, giving the false impression that the client had to pay VeriSign in order to renew their domain (VeriSign lost many lawsuits over this deceptive practice, and the FTC even got involved).
VeriSign most recently used the monopoly position on maintaining the
In all these cases, VeriSign acted greedily to further the company's aims over what's good for the people who must use the services that VeriSign administers. Their track record of deception and the world-renowned sluggishness with which their company operates should be a red flag for anyone who understands the types of technology involved and the effects that VeriSign's moves has had on the Internet.
Please consider some additional viewpoints. There is a website known as SlashDot, located at http://slashdot.org, which has one of the largest user bases of any web site. Most of the users are tech workers, and the discussions on SlashDot are some of the most intelligent discussions I have ever read. A discussion on your organization's decision is in progress right now. Please read it at http://slashdot.org/article.pl?sid=04/01/13/12572
And please pass along to your management the unhappiness this move has brought to the vast majority of the people who actually understand what your technology does, what it is capable of, and the ways it can be abused.
Thank you for your time.
-- You can't drink all day. (Unless you start in the morning...)
2) EPC is 96 bits: Header, company, product, serial #
4) Extract "company" bits (exact length set by header flags). Make a lookup call to root ONS server. It will return IP address of "company"'s ONS server.
5) Extract "product" and "serial", call company's server for information on that instance of that product
Note that steps 4-6 are likely to be buried off in a single API call that accepts the whole EPC as an argument... and that (local) caching likely means that step 4 is often skipped. Caching can also help step 5, mostly when were only interested in product and not serial... but I digress from the point.
Further note that Verisign is only involved at "Company bits -> IP address of company's ONS" in step 4. No other involvment from Versign... so lots of scenarios suggsted above are just BS. Verisign either answers the query; or not.
If they attempt to "squat" like they did on unused domains, they can only do so on unused COMPANY codes (more like TLDs than unused domains)... and why would a real world RFID tag ever have an unused company code?
As for perverting any deeper information about that product or that instance... they are not involved in those calls... no can do.
Jan