Thawte Web-Of-Trust
L. Sassaman
rabbi@quickie.net
Wed, 5 Jul 2000 11:34:25 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 5 Jul 2000, Billy Donahue wrote:

> What's up with that?
>
> Thawte has a system of travelling notaries

Actually, we (the notaries) don't travel. You do. If you want me to
notarize you, you have to come to me. :p

> and an institutionalized Web-Of-Trust system going.
> It seems rather innocuous, actually...
> They are issuing free personal X.509 certs
> and PGP keys. (bad idea, btw).. But they'll

How is that a bad idea? It's a great idea. They just don't do it right.

> also sign your PGP key for you if you can
> show some ID to their web form and to a
> few of their (usually free) notaries... (good idea)

Hrmm. Seems like you haven't read up on how their program works. =) You
need to start off with a PGP key or an X.509 CSR. You can then get more
information added to your certificate data and signed by them, as you gain
more points. These points are granted through their notary system.

This works for X.509. It does not apply to PGP, and is quite stupid in
that context. They make numerous mistakes, such as signing the 3 different
levels of the program with the same signing key; they violate etiquette by
adding unauthorized UIDs to one's key (I didn't *want* "Thawte Freemail
Member" attached to my key), and they have a sloppy chaining system for
their signing keys.

> Unfortunately, their form can't handle
> my GnuPG key... They also have a problem with newer
> PGP keys, they say.. I guess they need to do some work...

nit: "GnuPG Key" and "newer PGP key" are the same thing.

They also just got bought by Verisign. Do you expect them to keep
supporting PGP?

> Anybody have any experience or opinions with this system?

Complete garbage. Don't waste your time on the PGP stuff.

If you want to look at a free CA done right, check out
www.freecert.org. Note that we're not issuing certificates yet.
__
L. Sassaman
System Administrator |
Technology Consultant | "Common sense is wrong."
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi | --Practical C Programming
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5Y3+4PYrxsgmsCmoRAp2uAJ9Km10sl2noXuLt08WHG9LbrlydewCdF2+r
zY6wsXF4DzlOTrwoe6uLm04=
=j9DA
-----END PGP SIGNATURE-----