The World Is Flat. Except When It Isn't.
Jun. 28th, 2011 03:27 pm
I'm the web certificate go-to guy for my corporate overlords. I'm not sure how I fell into this role, but there it is and I'm OK with it all.
Yesterday evening, I was handed a request for a new web certificate and the corresponding CSR (request) data file. This morning, I ordered a two year certificate from Thawte.com and handed them the CSR data.
And that's when the fun began.
In order to ensure the certificate does indeed validate the particular web URL, the URL is incorporated into the CSR; the web authority (Thawte.com in this instance) then validates the information in the CSR against the publicly available WhoIs database which describes the owner of the web domain. If they match, great! If there's a discrepancy, they either have to decide it's close enough or reject the certificate request as being impossible to authenticate. This is standard procedure for all web certificate vendors.
Procedures have been tightened however at Thawte.com, probably in response to lapses with other vendors' procedures: a human being at Thawte.com is now telephoning the number listed in the WhoIs record to ask to speak directly to the person who submitted the certificate request to confirm the data verbally.
While this seems like a good idea at the time, it has some obvious problems in practice. For example, the domain in question is registered at the address of our corporate mothership in the Bay area of California while I work in Washington, DC: there is no way Thawte.com can expect to get me on the telephone in California.
Our firm doesn't have a receptionist. The main telephone number punts incoming callers into a response tree where they may enter a person's extension or type a last name to be directed appropriately. But since I don't work in Foster City, I'm not in that particular directory.
Perhaps they could get confirmation from my boss that I'm real and offer them my telephone number, but he works from Montana. Perhaps they could talk to my director, but he's rarely at his desk and travels frequently to our other offices.
In this particular instance, we got lucky: my boss happened to be visiting the mothership and was able to take the call and forward them to me.
I'm not sure how to deal with this in future. It would be a very bad practice to update the WhoIs records to point to me: what happens if I'm on vacation, out on extended leave, am hit by a bus or leave the firm?
I'm thinking about asking the boss for a telephone number in the Foster City office which then could be programmed to automatically forward all calls to my mobile here in DC. That seems to be the least problematic way out. If we can do it.
Still, this seems to me to be a somewhat broken process. Do they truly believe all of their customers have but one office where all personnel are located? I doubt Thawte.com themselves couldn't pass their own validation tests since their personnel are spread across various continents. Their very product line is supposed to be enabling people to work together from various points of the planet: is it too much to ask that their validation systems take this into consideration?
no subject
Date: 2011-06-28 08:25 pm (UTC)
As for Thawte's process, I can state that 99% of my employer's employees DO NOT work at corporate HQ (including tech support) and probably a third of the 134,000 of us are either in the field or telecommute. That's one poorly thought through policy on Thawte's part.
no subject
Date: 2011-06-28 08:34 pm (UTC)
no subject
Date: 2011-06-28 09:24 pm (UTC)
"I'm thinking about asking the boss for a telephone number in the Foster City office which then could be programmed to automatically forward all calls to my mobile here in DC. That seems to be the least problematic way out. If we can do it."
This was standard for us when working with independent agents in various states throughout the country. No one really knew where the agents were located and it didn't really matter as long as their trips were booked correctly.