Island Tel still doesn’t get it…

Let me preface these remarks with a brief comment about my Island Tel High Speed DSL service: it works. It has worked solidly for the past 9 months. I have no complaints. This is a Good Thing.

However, there is new evidence to suggest that Island Tel still doesn’t “get” the Internet. Witness the following screen shot:

Island Tel's Self Serving Certificate

Digital certificates are the means by which web clients (like you and I) can have some certainty that secure websites are, in fact, secure. A digital certificate serves both to offer some assurance that the site on the other end of the connection is who they say they are, and also that the information that you exchange with this site is kept private.

Central to the notion of the digital certificate system is that of the certificate authority, defined as:

A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be.

Note that it says third-party organization. This is important. The certificate authority has to be someone that both you (the client) and the people running the website you’re connecting to (the server) trust. Trust both in a spiritual sense, and in a technical one.

Now look at the screen shot above: it’s an error message that popped up in my browser when I tried to go to the Island Tel website to administer my dial-up account. The error message message says, in effect “warning, the certificate authority that issued this certificate isn’t installed in your browser as one of the standard ones.”

And who is this certificate authority — this trusted third party that is supposed to vouch for Island Tel’s veracity?

Why look, it’s Island Tel!

The “issued to” and “issued by” are the same on this certificate. Island Tel, in other words, wants us (and our browsers) to trust that Island Tel is who they say they are.

Now that is crazy and absurd on the surface. But it’s also crazy and absurd deeper down: how do I know that the Island Tel that’s telling me that they’re Island Tel is actually Island Tel? I don’t. Any old person could set up their server with a certificate authority and claim that they’re Island Tel. I could do it. So could you.

It’s only through the intermediation of a trusted third party that I can rest easy (or at least easier) that the Island Tel website I’m connecting to is bona fide.

I first told Island Tel about this in an email two years ago. I explained it all to them in very careful language. I received no response.

Comments

Mitch's picture
Mitch on March 24, 2002 - 04:12 Permalink

It also says it “expired” last year…what effect — if any — does this have on the issue ?

Dan James's picture
Dan James on March 25, 2002 - 18:58 Permalink

Now that is just funny. The certificate they issued to themselves has expired.

Craig Willson's picture
Craig Willson on March 26, 2002 - 00:02 Permalink

World Class” comes to mind at a moment like this.

christopher's picture
christopher on March 26, 2002 - 00:39 Permalink

Especially as the only reason that we know they are “world class”, with “end-to-end business solutions”, is that they tell us they are :-)

Al's picture
Al on March 26, 2002 - 02:20 Permalink

More like “world classy”, though, you know…”reaaally wou-ruld class-saaaaay”. Like a guy too many years at the bar the leisure suit and the aquavelva and the tab on the client account with that one rye and ginger too much: classy with a capital “K”. Used car jockey. Thinks end-to-end solution the funniest joke he’s heard even though it is his own company slogan but he still wants to share the joke with you over that rye.

christopher's picture
christopher on March 26, 2002 - 03:05 Permalink

That seemed to come from the heart, Alan. Anyone we know?

Al's picture
Al on March 26, 2002 - 11:52 Permalink

I think the same chappie does McCain’s and KFC advertising. He is the only one who understands the reason for the lady with the mint green violin and the rasta lad with the glass orchestra.

Annie's picture
Annie on March 26, 2002 - 14:12 Permalink

How did we go from dissing Island Tel to dissing the girl with the green violin? I LIKE that girl (though I’ll admit she has never made me want to drink fruit punch).

Alan's picture
Alan on March 26, 2002 - 14:47 Permalink

Well…as I threw the tiller on the tack…is there cheesie bad understanding of client needs in common? Do both take us for fools? Do both fail due to the inability of their marketing activity to achieve the end they want? [Tangent continuation warning!!!] By the way, the girl with the green violin makes me worry about consumption of fruit punch as their consumption makes them act in odd ways — random placement and colouring your glass orchestra, painting your violin green. Outside of the story line, I cannot figure out the demographic the ads are trying to speak to. Urban musical nutters? [TCW off]

Oliver Baker's picture
Oliver Baker on March 26, 2002 - 23:06 Permalink

These certificates are to prevent one site from appearing to originate from another site’s IP address, I take it. Is creating such an appearance any less of a hacking challenge than creating the appearance that one is phoning from different telephone “address” (phone number)? I presume both phone communications and HTML transfers are orchestrated by computers and both have at least some security in place. Maybe we should have certification for phone calls? (seriously)

tim loughmiller's picture
tim loughmiller on May 21, 2006 - 14:56 Permalink

About that girl with the green violin. If anyone is interested, I own that particular violin used in the commercial.