[3000] in cryptography@c2.net mail archive
Re: Pseudonymous S/MIME certs?
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Mon Jul 20 00:00:08 1998
From: "Enzo Michelangeli" <em@who.net>
To: <cryptography@c2.net>
Date: Mon, 20 Jul 1998 11:55:07 +0800
From: Lucky Green <shamrock@netcom.com>
Date: Monday, July 20, 1998 11:08 AM
>With S/MIME increasing in popularity, there has come about a need for
>pseudonymous S/MIME keys/certs.
>
>Some CA's, such as Thawte, will issue free S/MIME certs. But even Thawte
>still requires you to provide your DOB and SSN. It seems that there
>currently is no obvious way for a user of, say Outlook Express, to obtain
an
>S/MIME cert for a nym.
I, for one, have already raised with Thawte the issue of how silly is to ask
for personal identification data when they aren't checked at all (as it
happens with Freemail certs).
Even sillier: Thawte seem to ignore that expatriates exist. They assume that
the place where one lives must be in the country that issued the
identification document. So, now in their database I'm represented as living
in "Hong Kong, Italy" :-)
>If you know of an online enrollment site that doesn't require any
>verification whatsoever, I'd like to hear about it. If not, then it seems
it
>is time to create such a site.
Several sites issue certificates, just signing submitted public keys, but
they are declared as "zero confidence level", "test only" etc. A better
service would be a cert that only certifies that its owner can receive mail
at the declared address: this could be achieved mailing the certificate to
that address, as Thawte's Freemail service does (but adding to the process
useless pseudo-legal crap).
Enzo
