[OT] CAs: A Story

Werner Koch wk@gnupg.org
Sun, 23 Jan 2000 15:38:04 +0100


On Sun, 23 Jan 2000, J Horacio MG wrote:


> " The "Thawte Freemail Member" identity does not alter or change your key
> " in any way. It is just another identity certificate associated with the
> " key. People who do not trust Thawte will not see that as a valid
> " identity.

GnuPG simply does not accept this new user ID because it is not signed by the primary key and simply kicks it out due to a missing self-signature. It doesn't matter that Thawte signs this user ID because it is not considered a valid signature. IMHO Verisign (Thawte) simply does this as an advertisement; as long as they do sign the real user ID too there should be no problem. But I do not think that this is a serious way to operate a CA.

> key through "signing and sending back to Thawte a small hexadecimal
> string generated during the certification process".

No, his secret key has not been compromised.

-- 
Werner Koch at guug.de           www.gnupg.org           keyid 621CC013

Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html
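
The self-signature rule described in the message above, as an added example that is not part of the original post and is not GnuPG's code: it walks a key block and lists user IDs that carry no certification naming the primary key as issuer. It assumes a v4 key, v4 signatures and old-format packet headers, and it checks only that such a signature is present; a real implementation must also verify it cryptographically. The key block and the helper names are constructed for illustration.

```python
import hashlib

def key_id(pub):  # v4 key ID: low 64 bits of SHA-1 over 0x99, length, key body
    return hashlib.sha1(b"\x99" + len(pub).to_bytes(2, "big") + pub).digest()[-8:]

def packets(data):
    """Yield (tag, body) per old-format OpenPGP packet (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        hdr, width = data[i], 1 << (data[i] & 3)
        if hdr & 0x40 or width == 8:
            raise ValueError("new-format or indeterminate-length packet")
        n = int.from_bytes(data[i + 1:i + 1 + width], "big")
        yield (hdr >> 2) & 0x0F, data[i + 1 + width:i + 1 + width + n]
        i += 1 + width + n

def cert_issuer(sig):
    """Issuer key ID of a v4 certification (types 0x10-0x13), else None."""
    if sig[0] != 4 or not 0x10 <= sig[1] <= 0x13:
        return None
    hlen = int.from_bytes(sig[4:6], "big")
    ulen = int.from_bytes(sig[6 + hlen:8 + hlen], "big")
    for area in (sig[6:6 + hlen], sig[8 + hlen:8 + hlen + ulen]):
        j = 0
        while j < len(area):                    # one-octet subpacket lengths only
            if area[j + 1] & 0x7F == 16:        # issuer subpacket
                return area[j + 2:j + 1 + area[j]]
            j += 1 + area[j]

def uids_without_selfsig(keyblock):
    """User IDs with no certification naming the primary key as issuer."""
    primary, uid, ok = b"", None, {}
    for tag, body in packets(keyblock):
        if tag == 6:
            primary = key_id(body)
        elif tag == 13:
            uid = body.decode("utf-8", "replace")
            ok[uid] = False
        elif tag == 2 and uid is not None and cert_issuer(body) == primary:
            ok[uid] = True
    return [u for u in ok if not ok[u]]

# Constructed sample: one self-signed user ID, one signed only by another key.
def pkt(tag, body):
    return bytes([0x80 | tag << 2, len(body)]) + body
def cert_by(kid):
    return pkt(2, bytes([4, 0x10, 1, 2, 0, 0, 0, 10, 9, 16]) + kid + bytes(5))
KEY = bytes([4, 0, 0, 0, 0, 1]) + bytes(6)      # placeholder key material
SAMPLE = (pkt(6, KEY) + pkt(13, b"Alice <alice@example.org>") + cert_by(key_id(KEY))
          + pkt(13, b"Thawte Freemail Member") + cert_by(bytes(8)))
```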