On Wed, Aug 04, 2004 at 10:35:14AM +0300, [EMAIL PROTECTED] wrote: > There is also OpenCA (http://www.cacert.org/). > > I've signed up with them but not yet sure how can this help with > signing certificates for/by others (no time to finish the process).
They don't seem to be part of the Certificate Authorities lists provided with common mailers (Outlook Express, Mozilla...). Therefore, they're as worthy as a "Certificate Authority" I can create with openssl or Win2K Certificate Manager in 5 minutes. The idea behind certificate authorities is this: 1. Only trusted large bodies, with secure authorization procedures(1) are part of the lists provided with common software. 2. They assure your identity by secure means (seeing your ID etc.). 3. They assert that you are whoever you claim you are by signing your certificate. Any person signed by an "unknown" certificate authority will show as "Untrusted" in the mailer, cause that authority itself is not trusted by the mailer to make identity assertions. [1] In fact, it's all a large business. To get into Internet Explorer's and Outlook Express's lists, you have to pay hard cash to Microsoft. I don't know what other demands Microsoft has from those organizations. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
