When is a CA not a CA

ICANNWatch | VeriSign and Conflicts of Interest ICANN Wathch posting about Ian Grigg's grips re:Verisign and .net tld vs. NetDiscovery (CALEA compliance service). So, when they need to snoop they act as a bad ca, and when they don't, they act as a 'good' CA (well, maybe not).

This reminds me of the early days of SSL, when VRSN ruled supreme, and there was little confirmation of identity (CSR == Whois). Lame.... still.