[OT] CAs: A Story
Werner Koch
wk@gnupg.org
Sun, 23 Jan 2000 15:38:04 +0100
On Sun, 23 Jan 2000, J Horacio MG wrote:
> " The "Thawte Freemail Member" identity does not alter or change your key
> " in any way. It is just another identity certificate associated with the
> " key. People who do not trust Thawte will not see that as a valid
> " identity.
GnuPG simply does not accept this new user ID because it is not signed
by the primary key and simply kicks it out due to a missing
self-signature. It doesn't matter that Thawte signs this user ID
because it is not considered a valid signature.
IMHO Verisign (Thawte) simply does this as an advertisement; as long as
they do sign the real user ID too there should be no problem. But I
do not think that this is a serious way to operate a CA.
> key through "signing and sending back to Thawte a small hexadecimal
> string generated during the certification process".
No, his secret key has not been compromised.
--
Werner Koch at guug.de www.gnupg.org keyid 621CC013
Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html
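
The rule described in the message above (a user ID counts only if the primary key itself has certified it), as an added example that is not GnuPG's code and not part of the original post: it walks a constructed OpenPGP packet stream and reports which user IDs are followed by a certification naming the primary key as issuer. It matches issuer key IDs only and does not verify signatures cryptographically, which GnuPG does; the key material, names and CA key ID are constructed, and only new-format packets with one-octet lengths are handled.

```python
import hashlib
import struct

CERT = {0x10, 0x11, 0x12, 0x13}  # certification signature types (RFC 4880)

def parse(data):  # yields (tag, body); new-format headers, one-octet lengths only
    i = 0
    while i < len(data):
        if data[i] & 0xC0 != 0xC0 or data[i + 1] >= 192:
            raise ValueError("unsupported packet header")
        yield data[i] & 0x3F, data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

def key_id(key):  # v4 key ID: low 64 bits of SHA-1(0x99 || 2-octet length || body)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key)) + key).digest()[-8:]

def issuer(sig):  # (type, issuer key ID) of a v4 signature, from its unhashed area
    pos = 8 + struct.unpack(">H", sig[4:6])[0]        # skip header and hashed area
    end = pos + struct.unpack(">H", sig[pos - 2:pos])[0]
    while pos < end:
        if sig[pos + 1] & 0x7F == 16:                 # issuer subpacket
            return sig[1], sig[pos + 2:pos + 1 + sig[pos]]
        pos += 1 + sig[pos]
    return sig[1], None

def self_signed_uids(data):
    """Map each user ID to whether a certification naming the primary key follows it."""
    primary, uid, found = None, None, {}
    for tag, body in parse(data):
        if tag == 6:                                  # public key packet
            primary = key_id(body)
        elif tag == 13:                               # user ID packet
            uid = body.decode()
            found[uid] = False
        elif tag == 2 and uid is not None:            # signature on the current user ID
            kind, who = issuer(body)
            found[uid] |= kind in CERT and who == primary
    return found

# Constructed sample: dummy key material, placeholder names, no real signature values.
def pkt(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body
def sig(kind, signer):  # v4 signature carrying only an issuer subpacket
    return pkt(2, bytes([4, kind, 1, 2, 0, 0, 0, 10, 9, 16]) + signer + b"\x00\x00")

KEY = bytes([4]) + struct.pack(">I", 948638284) + b"\x01\x00\x08\xff\x00\x08\x11"
CA = bytes.fromhex("0102030405060708")              # constructed CA key ID
SAMPLE = (pkt(6, KEY) + pkt(13, b"Alice <alice@example.org>") + sig(0x13, key_id(KEY))
          + sig(0x10, CA) + pkt(13, b"Example CA Member") + sig(0x10, CA))
```

`self_signed_uids(SAMPLE)` marks the second user ID, which carries only the CA's certification, as lacking a self-signature.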