[OT] CAs: A Story
Sun, 23 Jan 2000 15:38:04 +0100
On Sun, 23 Jan 2000, J Horacio MG wrote:
> " The "Thawte Freemail Member" identity does not alter or change your key
> " in any way. It is just another identity certificate associated with the
> " key. People who do not trust Thawte will not see that as a valid
> " identity.
GnuPG simply does not except this new user ID because it is not signed
by the primary key and simply kicks it out due to a missing
self-signature. It doesn't matter that Thawte signs this user ID
because it is not considered a valid signature.
IMHO Verisign (Thawte) simply does this as an advertisment; as long as
they do sign the realy user ID too there should be no problem. But I
do not think that this is serious way to operate a CA.
> key through "signing and sending back to Thawte a small hexadecimal
> string generated during the certification process".
No, his secret key has not been compromised.
Werner Koch at guug.de www.gnupg.org keyid 621CC013
Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html