Thawte Web-Of-Trust

L. Sassaman
Wed, 5 Jul 2000 11:34:25 -0700 (PDT)

Hash: SHA1

On Wed, 5 Jul 2000, Billy Donahue wrote:

> What's up with that?
> Thawte has a system of travelling notaries

Actually, we (the notaries) don't travel. You do. If you want me to notarize you, you have to come to me. :p

> and an institutionalized Web-Of-Trust system going.
> It seems rather innocuous, actually...
> They are issuing free personal X.509 certs
> and PGP keys. (bad idea, btw).. But they'll

How is that a bad idea? It's a great idea. They just don't do it right.

> also sign your PGP key for you if you can
> show some ID to their web form and to a
> few of their (usually free) notaries... (good idea)

Hrmm. Seems like you haven't read up on how their program works. =) You need to start off with a PGP key or an X.509 CSR. You can then get more information added to your certificate data and signed by them, as you gain more points. These points are granted through their notary system. This works for X.509. It does not apply to PGP, and is quite stupid in that context. They make numerous mistakes, such as signing the 3 different levels of the program with the same signing key; they violate etiquette by adding unauthorized UIDs to one's key (I didn't *want* "Thawte Freemail Member" attached to my key), and they have a sloppy chaining system for their signing keys.

> Unfortunately, their form can't handle
> my GnuPG key... They also have a problem with newer
> PGP keys, they say.. I guess they need to do some work...

nit: "GnuPG Key" and "newer PGP key" are the same thing. They also just got bought by Verisign. Do you expect them to keep supporting PGP?

> Anybody have any experience or opinions with this system?

Complete garbage. Don't waste your time on the PGP stuff. If you want to look at a free CA done right, check out Note that we're not issuing certificates yet.

__

L. Sassaman

System Administrator | Technology Consultant | "Common sense is wrong."
icq.. 10735603 | pgp.. finger:// | --Practical C Programming

-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE5Y3+4PYrxsgmsCmoRAp2uAJ9Km10sl2noXuLt08WHG9LbrlydewCdF2+r
zY6wsXF4DzlOTrwoe6uLm04=
=j9DA
-----END PGP SIGNATURE-----