
Wei Dai wrote:
If you take a look at verisign's home page, they will be offering "low assurance" certificates for free for non-commercial uses. The only thing they will guarantee about these certs is that the subject name in the certificate is unique across all certificates signed by their class I CA. You should be able to get one of these certs in real time via an HTML form.
What is the point of this? What is to prevent someone from getting certificates for a million of the most common and/or famous names as quickly as possible?
Here is a scenario under which it would have a point. This is not totally secure, but that does not make it useless.

1) Register e-mail addresses.
2) Send the resulting signed certificates back to the registered subject name.
3) After you get your signed certificate, mail it to your friend. Now your friend can send you signed or encrypted messages.
4) If you ever get a certificate in e-mail from somebody, feel free to use the telephone to verify that it is coming from somebody you trust.

Remember, the service is free. In this case, I think you will be getting more than you paid for.

PK
--
Philip L. Karlton               karlton@netscape.com
Principal Curmudgeon            http://www.netscape.com/people/karlton
Netscape Communications Corporation
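The scenario in the reply above, sketched as an added example that is not part of the original message or of any real CA's code: a toy CA enforces unique subject names and mails each certificate to the subject address, and the recipient checks a fingerprint read over the telephone. The class and function names, the addresses and the demo key are all assumptions, and HMAC stands in for the CA's public-key signature so that only the standard library is needed.

```python
import hashlib
import hmac

# Constructed demo key; HMAC is a stand-in for the CA's public-key signature.
CA_KEY = b"constructed-demo-ca-key"

def _sign(subject, key):
    return hmac.new(CA_KEY, subject.encode() + b"|" + key, hashlib.sha256).hexdigest()

class LowAssuranceCA:
    """Hypothetical CA: unique subject names, certificate mailed to the subject."""
    def __init__(self, mailboxes):
        self.issued = {}            # subject e-mail -> certificate
        self.mailboxes = mailboxes  # address -> certificates delivered there

    def register(self, subject_email, public_key):
        # Step 1: the only guarantee is that the subject name is unique.
        if subject_email in self.issued:
            raise ValueError("subject name already certified")
        cert = {"subject": subject_email, "key": public_key,
                "sig": _sign(subject_email, public_key)}
        self.issued[subject_email] = cert
        # Step 2: delivery goes to the subject address, never to the requester,
        # so whoever filled in the form gets nothing back from this call.
        self.mailboxes.setdefault(subject_email, []).append(cert)

def ca_signature_valid(cert):
    return hmac.compare_digest(_sign(cert["subject"], cert["key"]), cert["sig"])

def fingerprint(cert):
    # Short digest of the key, suitable for reading aloud (step 4).
    return hashlib.sha256(cert["key"]).hexdigest()[:16]

def accept_from_friend(cert, claimed_sender, fingerprint_read_by_phone):
    # Steps 3-4: CA signature, subject matches the sender, phone check passes.
    return (ca_signature_valid(cert)
            and cert["subject"] == claimed_sender
            and hmac.compare_digest(fingerprint(cert), fingerprint_read_by_phone))

if __name__ == "__main__":
    mail = {}
    ca = LowAssuranceCA(mail)
    ca.register("alice@example.org", b"alice-public-key")
    alice = mail["alice@example.org"][0]
    print("accepted:", accept_from_friend(alice, "alice@example.org", fingerprint(alice)))
    ca.register("bob@example.org", b"requester-key")  # form filled in by someone else
    print("mailboxes that received a certificate:", sorted(mail))
```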