On Tue, Sep 10, 2013 at 1:18 PM, Ted Lemon <[email protected]> wrote:
> On Sep 10, 2013, at 12:32 PM, Phillip Hallam-Baker <[email protected]> wrote:
> > The CA NEVER ever gives the user the key in any of the systems I have
> > worked on.
>
> This appears to be untrue.
>
> Comodo offers that exact service today.
>
> https://secure.comodo.com/products/!SecureEmailCertificate_Signup
>
> The Comodo service generates the key pair for you. This means that they
> have your private key. We would hope that they would behave responsibly,
> but we don't have the assurance we would have if we generated the key pair
> and sent them only the public half.

You go to a Web page that has the HTML or JavaScript control for generating a keypair. But the keypair is generated on the end user's computer.

The service could send you an ActiveX keygen control with a backdoor, but I am not on Windows right now. I generated the keypair on Chrome and I have all runtime objects turned off.

The CA returns the signed certificate to you, but that is the public key part.

--
Website: http://hallambaker.com/
