On Wed, Sep 03, 2003 at 08:27:18AM -0700, James A. Donald wrote:
> -- SSH server public/private keys are widely deployed. PKI public keys are not. Reason is that each SSH server just whips up its own keys without asking anyone's permission, or getting any certificates.
...which means that it still requires an OOB authentication (or blindly typing 'yes' and ignoring the consequences). But that's another subject.
> Now what I want is a certificate that merely asserts that the holder of the certificate can receive email at such and such an address, and that only one such certificate has been issued for that address. Such a certification system has very low costs for issuer and recipient, and because it is a nym certificate, no loss of privacy.
Verisign had for a number of years an email-only cert. That is, they verified that the email address had someone or something that answered email. I believe that they called this a 'Class 1' cert.
> The certs that IE and Outlook Express accept oddly do not seem to have any provision for defining what the certificate certifies.
> This seems a curious and drastic omission from a certificate format.
X.509, PKIX et al. allow a CA to insert a pointer to a certificate practice statement, which can define what the certificate certifies.
> and application of such certificates. It also, as anyone who tries to get a free certificate from Thawte will discover, makes it difficult, expensive, and inconvenient to get certificates.
Thawte's making free certs difficult has nothing to do with the usefulness of certs or X.509 or true names or whatever, and everything to do with maximizing profit. Since each cert carries a fixed risk of legal issues (i.e. being sued because they certified X who wasn't X), Verisign/Thawte want to sell a comparatively few expensive certs instead of a lot of cheap certs.

Eric
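As an added illustration of the two points above (this is not code from the thread; the email address, the policy OID under the ITU-T example arc 2.999, and the CPS URL are constructed placeholders): a standard-library-only Python encoder and decoder for the two X.509 v3 extensions that, together, make a certificate of the kind James asks for. The subjectAltName carries only an rfc822Name, so the only identity claim is "can receive mail at this address", and the certificatePolicies extension carries the id-qt-cps qualifier Eric mentions, a URI pointing at the statement of what the CA actually certifies. The decoder reports exactly those claims and lists any other extension by OID, so a relying party can see at a glance whether a cert asserts anything more than an email address.

```python
# Minimal DER for the two X.509 v3 extensions that scope an "email-only" cert:
# subjectAltName (rfc822Name) and certificatePolicies with a CPS URI qualifier.
# Standard library only; sample values are constructed for illustration.

OID_SUBJECT_ALT_NAME = "2.5.29.17"   # id-ce-subjectAltName
OID_CERT_POLICIES = "2.5.29.32"      # id-ce-certificatePolicies
OID_QT_CPS = "1.3.6.1.5.5.7.2.1"     # id-qt-cps: qualifier is an IA5String URI
BOOLEAN, OCTET_STRING, IA5STRING, SEQUENCE = 0x01, 0x04, 0x16, 0x30
RFC822NAME = 0x81                    # GeneralName [1] IMPLICIT IA5String

def der(tag: int, body: bytes) -> bytes:
    """One TLV with definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _base128(n: int) -> bytes:
    out = [n & 0x7F]
    while n >> 7:
        n >>= 7
        out.append(0x80 | (n & 0x7F))
    return bytes(reversed(out))

def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]   # first two arcs share one subidentifier
    return der(0x06, b"".join(_base128(s) for s in subids))

def decode_oid(body: bytes) -> str:
    subids, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    first = subids[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(map(str, arcs + subids[1:]))

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos) for the TLV at pos."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def read_seq(body: bytes) -> list:
    """Split a SEQUENCE body into (tag, body) elements."""
    items, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        items.append((tag, val))
    return items

def extension(oid: str, value: bytes, critical: bool = False) -> bytes:
    # Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
    crit = der(BOOLEAN, b"\xff") if critical else b""
    return der(SEQUENCE, encode_oid(oid) + crit + der(OCTET_STRING, value))

def build_email_only_extensions(email: str, policy_oid: str, cps_uri: str) -> bytes:
    """Extensions ::= SEQUENCE OF Extension, carrying only the two claims we want."""
    san = der(SEQUENCE, der(RFC822NAME, email.encode("ascii")))
    qualifier = der(SEQUENCE, encode_oid(OID_QT_CPS) + der(IA5STRING, cps_uri.encode("ascii")))
    policy = der(SEQUENCE, encode_oid(policy_oid) + der(SEQUENCE, qualifier))
    return der(SEQUENCE, extension(OID_SUBJECT_ALT_NAME, san)
                         + extension(OID_CERT_POLICIES, der(SEQUENCE, policy)))

def describe_extensions(extensions_der: bytes) -> dict:
    """What does this certificate claim? rfc822Names from SAN, policy OIDs and
    CPS URIs from certificatePolicies; anything else is reported by OID only."""
    info = {"emails": [], "policies": [], "cps_uris": [], "other": []}
    _, body, _ = read_tlv(extensions_der)
    for _, ext in read_seq(body):
        fields = read_seq(ext)
        oid = decode_oid(fields[0][1])
        value = next(v for t, v in fields if t == OCTET_STRING)   # skips the optional BOOLEAN
        if oid == OID_SUBJECT_ALT_NAME:
            names = read_seq(read_tlv(value)[1])
            info["emails"] += [n.decode("ascii") for t, n in names if t == RFC822NAME]
        elif oid == OID_CERT_POLICIES:
            for _, pinfo in read_seq(read_tlv(value)[1]):
                pfields = read_seq(pinfo)
                info["policies"].append(decode_oid(pfields[0][1]))
                for _, qual in (read_seq(pfields[1][1]) if len(pfields) > 1 else []):
                    (_, qid), (qtag, qval) = read_seq(qual)
                    if decode_oid(qid) == OID_QT_CPS and qtag == IA5STRING:
                        info["cps_uris"].append(qval.decode("ascii"))
        else:
            info["other"].append(oid)
    return info

if __name__ == "__main__":
    # Constructed sample: 2.999 is the ITU-T example OID arc; the CPS URL is hypothetical.
    exts = build_email_only_extensions("alice@example.org", "2.999.1.1",
                                       "https://example.org/cps/email-only")
    print(exts.hex())
    print(describe_extensions(exts))
```

The policy OID is the part that gives the CPS pointer its meaning: the CPS named by the URI says what a certificate issued under that OID asserts and, for the scheme James describes, would be the place to state "one certificate per address" and that nothing about the holder's true name is certified. A relying party that only trusts email-only certs would compare the OID against its own list rather than follow the URL at validation time.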