Getting certificates.
Anonymous via the Cypherpunks Tonga Remailer
nobody at cypherpunks.to
Wed Sep 3 11:16:17 PDT 2003
On Wed, 3 Sep 2003, James A. Donald wrote:
> --
> SSH server public/private keys are widely deployed. PKI public
> keys are not. Reason is that each SSH server just whips up its
> own keys without asking anyone's permission, or getting any
> certificates.
>
> Outlook and Outlook Express support digital signing and
> encryption -- but one must first get a certificate.
>
> So I go to Thawte to get my free certificate, and find that
> Thawte is making an alarmingly great effort to link
> certificates with true name information, and with the beast
> number that your government has assigned to you, which imposes
> large costs both on Thawte, and on the person seeking the
> certificate, and also has the highly undesirable effect that
> using these certificates causes major loss of privacy, by
> enabling true name and beast number contact tracing of people
> using encryption.
>
> Now what I want is a certificate that merely asserts that the
> holder of the certificate can receive email at such and such an
> address, and that only one such certificate has been issued for
> that address. Such a certification system has very low costs
> for issuer and recipient, and because it is a nym certificate,
> no loss of privacy.
>
> Is there any web page set up to automatically issue such
> certificates?
>
> The certs that IE and Outlook Express accept oddly do not seem
> to have any provision for defining what the certificate
> certifies.
>
> This seems a curious and drastic omission from a certificate
> format.
>
> Since there is no provision to define what a certificate
> certifies, one could argue that any certification authority
> that certifies anything other than a true name connected to a
> state issued id number, the number of the beast, is guilty of
> fraud. This would seem to disturbingly limit the usefulness
> and application of such certificates. It also, as anyone who
> tries to get a free certificate from Thawte will discover,
> makes it difficult, expensive, and inconvenient to get
> certificates.
>
> --digsig
> James A. Donald
Here is an interesting post regarding the CA issue:
http://lists.spack.org/pipermail/wordup/2003/000684.html
You may want to look at http://www.cacert.org. It may do what you want.