Getting certificates.

Anonymous via the Cypherpunks Tonga Remailer nobody at cypherpunks.to
Wed Sep 3 11:16:17 PDT 2003


On Wed, 3 Sep 2003, James A. Donald wrote:

>     --
> SSH server public/private keys are widely deployed.  PKI public
> keys are not.  Reason is that each SSH server just whips up its
> own keys without asking anyone's permission, or getting any
> certificates.
>
> Outlook and Outlook Express support digital signing and
> encryption -- but one must first get a certificate.
>
> So I go to Thawte to get my free certificate, and find that
> Thawte is making an alarmingly great effort to link
> certificates with true name information, and with the beast
> number that your government has assigned to you, which imposes
> large costs both on Thawte, and on the person seeking the
> certificate, and also has the highly undesirable effect that   
> using these certificates causes major loss of privacy, by  
> enabling true name and beast number contact tracing of people
> using encryption.
> 
> Now what I want is a certificate that merely asserts that the
> holder of the certificate can receive email at such and such an
> address, and that only one such certificate has been issued for
> that address.  Such a certification system has very low costs
> for issuer and recipient, and because it is a nym certificate,
> no loss of privacy.
> 
> Is there any web page set up to automatically issue such
> certificates?
> 
> The certs that IE and Outlook Express accept oddly do not seem
> to have any provision for defining what the certificate
> certifies.
> 
> This seems a curious and drastic omission from a certificate  
> format.
> 
> Since there is no provision to define what a certificate
> certifies, one could argue that any certification authority
> that certifies anything other than a true name connected to a
> state-issued ID number, the number of the beast, is guilty of
> fraud.  This would seem to disturbingly limit the usefulness
> and application of such certificates.  It also, as anyone who
> tries to get a free certificate from Thawte will discover,
> makes it difficult, expensive, and inconvenient to get
> certificates.
> 
>     --digsig
>          James A. Donald

Here is an interesting post regarding the CA issue:

http://lists.spack.org/pipermail/wordup/2003/000684.html

You may want to look at http://www.cacert.org. It may do what you want.




