[14008] in cryptography@c2.net mail archive
Re: invoicing with PKI
daemon@ATHENA.MIT.EDU (James A. Donald)
Wed Sep 3 09:23:07 2003
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: iang@systemics.com
Date: Tue, 2 Sep 2003 23:28:31 -0700
Cc: cryptography@metzdowd.com
In-reply-to: <3F537280.FF3B5F8F@systemics.com>
--
On 1 Sep 2003 at 12:23, Ian Grigg wrote:
> I suspect the widest use of public key crypto in a non-PKI
> context would be SSH, which opportunistically generates keys
> rather than invite the user to fund a PKI. According to this
> page [1], there may or may not be 2,400k SSH servers
This of course enormously dwarfs the use of PKI certificates.
Why? Because an SSH server uses its public key to prove
continuity of identity, rather than true names, and this is a lot
easier than true names.
Outlook and Outlook Express support digital signing and
encryption -- but one must first get a certificate.
So I go to Thawte to get my free certificate, and find that
Thawte is making an alarmingly great effort to link
certificates with true name information, and with the beast
number that your government has assigned to you, which imposes
large costs both on Thawte, and on the person seeking the
certificate, and also has the highly undesirable effect that
using these certificates causes major loss of privacy, by
enabling true name and beast number contact tracing of people
using encryption.
Now what I want is a certificate that merely asserts that the
holder of the certificate can receive email at such and such an
address, and that only one such certificate has been issued for
that address. Such a certification system has very low costs
for issuer and recipient, and because it is a nym certificate,
no loss of privacy.
Is there any web page set up to automatically issue such
certificates?
The certs that IE and Outlook Express accept oddly do not seem
to have any provision for defining what the certificate
certifies.
This seems a curious and drastic omission from a certificate
format.
Since there is no provision to define what a certificate
certifies, one could argue that any certification authority
that certifies anything other than a true name connected to a
state issued id number, the number of the beast, is guilty of
fraud. This would seem to disturbingly limit the usefulness
and application of such certificates. It also, as anyone who
tries to get a free certificate from Thawte will discover,
makes it difficult, expensive, and inconvenient to get
certificates.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
id/UsYl2xTf9Mswn+zhPXu3gZK4Hx7RMoDuc1LXZ
4TEx1/ENp2au248aS2r/SqmAc7NKT8yzMwGTk3dOK
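An added illustration (not part of the message above, nor anyone's production code) of the "continuity of identity" model the post credits for SSH's reach: a known-keys store remembers the first key seen for an identifier and only ever answers "same key as before" or "key changed", never "this is the true name". The same store also gives the one-key-per-address property the post wants for a nym certificate, since a second, different key for an identifier is refused rather than recorded. Key material and identifiers are constructed placeholders.

```python
"""Key-continuity check (the SSH model) with no name verification at all."""
import base64
import hashlib


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint in the form OpenSSH prints (base64, no '=' padding)."""
    digest = hashlib.sha256(pubkey).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class ContinuityStore:
    """Maps an identifier (a host, or an email address for a nym cert) to the
    first public key it was seen with. Nothing here asserts a true name."""

    def __init__(self) -> None:
        self._known: dict[str, str] = {}

    def check(self, ident: str, pubkey: bytes) -> str:
        fp = fingerprint(pubkey)
        known = self._known.get(ident)
        if known is None:
            self._known[ident] = fp   # trust on first use: record, do not verify
            return "new"
        if known == fp:
            return "continuous"       # same key as last time; identity continues
        # Continuity broken. The old binding is kept and the new key is not
        # recorded, so at most one key is ever associated with an identifier.
        return "changed"


def demo() -> list[str]:
    """Three presentations for one constructed identifier."""
    store = ContinuityStore()
    key_a = b"ssh-ed25519 CONSTRUCTED-KEY-A"   # constructed, not a real key
    key_b = b"ssh-ed25519 CONSTRUCTED-KEY-B"   # constructed, not a real key
    return [
        store.check("alice@example.net", key_a),   # first contact
        store.check("alice@example.net", key_a),   # same key again
        store.check("alice@example.net", key_b),   # different key: alarm
    ]


if __name__ == "__main__":
    print(demo())   # ['new', 'continuous', 'changed']
```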
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com