Key server security considerations / Certification Authorities
Janusz A. Urbanowicz
alex@FUCKUP.fantastyka.net
Mon Feb 19 02:00:02 2001
> > I visited signtrust.deutschepost.de for example, however they only sign keys
> > that they have created,
>
> So they also have your secret key. Very practical when the government wants
> to know things about you, like in Germany, what you were discussing with
> that member of a forbidden political party.
It depends on smartcard users. There are RSA smartcards that you can trigger
to generate a key and give you public part for certification (and you can
send them signed public key back for storage) but they won't surrender you a
private key.
Alex