Re: Hacking PGP WoT onto X.509 systems
- From: "Peter S. May" <psmay@xxxxxxxxxxxx>
- Date: Tue, 31 Oct 2006 13:20:57 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Paul Rubin wrote:
"Peter S. May" <psmay@xxxxxxxxxxxx> writes:
Firstly, is anyone already trying this? Secondly, is there anything
fundamentally wrong with these notions?
Thawte did something like that for a while, as I remember.
What Thawte is doing is a pseudo-WoT system by which a user who has had
enough volunteer notaries certify his identity can have his own name on
a certificate issued by Thawte. While it's an interesting way to get a
certificate (I myself just became a notary for this system) it lacks an
important element of the WoT: From the sender/verifier's perspective,
there's only one "introducer"--Thawte--so the key user's trust
granularity is quite coarse.
The Thawte WoT cert program is also only for e-mail-only certs, but
CAcert.org applies a similar system to SSL-capable certs. Still,
neither is a real WoT in the useful sense.
PSM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFR5QEei6R+3iF2vwRAqtFAJ9JY3hTel11lkmUUJ9nrw39ZJ1JbwCgm134
VMjvImPuaqfJgwP6q3jzUyU=
=SrUK
-----END PGP SIGNATURE-----
.
- References:
- Hacking PGP WoT onto X.509 systems
- From: Peter S. May
- Re: Hacking PGP WoT onto X.509 systems
- From: Paul Rubin
- Hacking PGP WoT onto X.509 systems
- Prev by Date: Re: MD5 for passwords
- Next by Date: Re: MD5 for passwords
- Previous by thread: Re: Hacking PGP WoT onto X.509 systems
- Next by thread: Re: AES use of constant
- Index(es):
Relevant Pages
|
