Ian G wrote:
> Chris Palmer wrote:
>> Peter Saint-Andre writes:
>>> http://www.saint-andre.com/blog/2006-02.html#2006-02-27T22:13
>> 3. I see on your site you use and advertise for CACert. I hope CACert's
>> signing cert(s) are never trusted by my browser, because then my browser
>> would trust any cheap-ass random pseudonym in the world. 

IMHO trust is something you do, not something your browser does. Unless
you're going to delegate trust to the browser manufacturers...

>> Which brings us
>> to my next point...
> You are probably talking about the Class 1 root
> that CAcert uses to issue pseudonymous certs.
> Yes, they can be acquired by any cheap-ass
> pseudonym (but not randomly, as I think there is
> a serial number in there which I was told was
> an unavoidable artifact of x.509).
> Over on Peter's blog it seems to indicate he is
> an Assurer ... assuming that is correct [it isn't
> a cryptographically sound image :) ] then this
> means he is at least "assured" which is their
> term for his identity having been verified.

In CAcert, assurance is an action. You show me two government-issued
photo IDs (GIPIDs) and I compare them with your visage and physical
person; if I think they match, I "assure" you for some number of points
in the web of trust. If you get to a certain number of points, you can
use the Class 3 root. If you get even more points, you can become an
assurer (someone who does assurances). I happened to use the "trusted
third party" process for assurance (get copies of my GIPIDs witnessed
and notarized by two persons who are legally authorized in my
jurisdiction to witness and notarize documents), which results in more
points initially and the ability to become an assurer more quickly.


Peter Saint-Andre
Jabber Software Foundation

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
