Re: DCA MR: public key certification body registration

Damien Miller (dmiller@prometheus.projectx.com.au)
Fri, 17 Oct 1997 13:50:40 +1000 (EDT)

On Fri, 17 Oct 1997, Glen Turner wrote:

> A CA is a "certification authority". They issue keys
> (called "certificates") to people and organisations.
>
> The major roles of a CA are:
>
> - verify the person's identity.
>
> - issue a private key to that person.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This is most certainly not a given. Most current CAs do *not* issue
private keys; they certify ones that others generate themselves.

The certification process does not require the CA to ever know your
private key.

I would certainly trust a CA which allowed me to generate my own keys over
one that required me to use theirs. Forcing CAs to only certify keys that
they have generated themselves is the first step towards the GAK
(Government Access to Keys) infrastructure which is being so heatedly
challenged in the US. (and are IMHO A Bad Thing).

Regards,
Damien Miller
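
The point made in the message above, that certification does not require the CA to ever know the private key, as an added example that is not part of the original message: the subscriber generates a key pair locally and submits only a name, the public key and a self-signature, which the CA checks and then signs. It uses unpadded textbook RSA over fixed, constructed Mersenne primes to show the message flow only, and every function name is hypothetical.

```python
import hashlib

E = 65537  # RSA public exponent

def keypair(p, q):
    """Textbook RSA key pair from two primes (illustration only, no padding)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data, sig):
    n, e = public
    return pow(sig, e, n) == digest(data, n)

def request_body(name, public):
    return f"{name}|{public[0]:x}|{public[1]:x}".encode()

def make_request(name, public, private):
    """Subscriber side: the private key signs the request and stays local."""
    pop = sign(private, request_body(name, public))  # proof of possession
    return {"name": name, "public": public, "pop": pop}

def ca_issue(ca_private, request):
    """CA side: sees only name, public key and proof of possession."""
    body = request_body(request["name"], request["public"])
    if not verify(request["public"], body, request["pop"]):
        raise ValueError("requester does not hold the matching private key")
    # Verification of the person's identity would happen here, out of band.
    return {"body": body, "ca_sig": sign(ca_private, body)}

def demo():
    # Constructed keys from known Mersenne primes: structurally weak, demo only.
    ca_pub, ca_priv = keypair(2**127 - 1, 2**607 - 1)
    sub_pub, sub_priv = keypair(2**521 - 1, 2**1279 - 1)
    req = make_request("alice@example.org", sub_pub, sub_priv)
    cert = ca_issue(ca_priv, req)
    return verify(ca_pub, cert["body"], cert["ca_sig"])

if __name__ == "__main__":
    print("certificate verifies under CA public key:", demo())
```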