A depressing number of CAs generate the private key themselves and mail it out
to the client.  This is another type of PoP: the CA knows the client has the
private key because they've generated it for them.

It's also cost-effective. The CA model as presented is too expensive. If a group makes the decision to utilise the infrastructure for signing or encryption, then it can significantly reduce costs by rolling out from the centre.

I see this choice as smart.  They either don't do it
at all, or they do it cheaply.  This way they have a

(Then, there is still the option for upgrading to self-
created keys later on, if the project proves successful,
and the need can be shown.)

As a landmark, I received my first ever correctly
signed X.509 message the other day.  I've yet to find
the button on my mailer to generate a cert, so I could
not send a signed reply.  Another landmark for the
future, of course.


