Re: digital signature

["Tom Metro-12" <user=71@nabble.blu.org>]

 Stephen Adler wrote: 
> If I do need to go through the 3rd party registry route, who should I 
> use? 

Several commercial providers offer free certificates for individuals to 
use on their email. This Mozillazine wiki page: 

http://kb.mozillazine.org/Getting_an_SMIME_certificate

recommends a few and provides instructions on using them with Thunderbird. 

A few times I started filling out the forms for a certificate from 
Thawte, but always gave up after finding the form too intrusive. When I 
ran across the above page I tried out the provider they recommend, 
Comodo, and the process was simpler. Of course the less information they 
gather, the less it proves about the bearer of the certificate. 


> Say I sign a document with a self generated key pair, how does a 
> third party know that the signature came from me and not someone 
> posing as me who generated their own pair of keys? 

As Dan pointed out, none of these issuers really prove that the 
certificate bearer is who they say they are. In the case of Comodo all 
it really proves is that the bearer has the ability to receive (or 
intercept) email at the email address being registered. 

About the only thing an official certificate issuer buys you is that the 
certificate authority certificate will already be installed in your 
recipient's software, so they'll be able to conveniently confirm the 
validity of the certificate. 

  -Tom 

-- 
Tom Metro 
Venture Logic, Newton, MA, USA 
"Enterprise solutions through open source." 
Professional Profile: http://tmetro.venturelogic.com/

-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

_______________________________________________ 
Discuss mailing list 
[hidden email] 
http://lists.blu.org/mailman/listinfo/discuss