invoicing with PKI

James A. Donald jamesd at echeque.com
Wed Sep 3 02:28:31 EDT 2003


    --
On 1 Sep 2003 at 12:23, Ian Grigg wrote:
> I suspect the widest use of public key crypto in a non-PKI
> context would be SSH, which opportunistically generates keys
> rather than invite the user to fund a PKI.  According to this
> page [1], there may or may not be 2,400k SSH servers

This of course enormously dwarfs the use of PKI certificates. 
Why?  Because an SSH server uses its public key to prove
continuity of identity, rather than true names, and this is a lot
easier than true names.

Outlook and Outlook Express support digital signing and 
encryption -- but one must first get a certificate.

So I go to Thawte to get my free certificate, and find that 
Thawte is making an alarmingly great effort to link 
certificates with true name information, and with the beast 
number that your government has assigned to you, which imposes 
large costs both on Thawte, and on the person seeking the 
certificate, and also has the highly undesirable effect that 
using these certificates causes major loss of privacy, by 
enabling true name and beast number contact tracing of people 
using encryption.

Now what I want is a certificate that merely asserts that the 
holder of the certificate can receive email at such and such an 
address, and that only one such certificate has been issued for 
that address.  Such a certification system has very low costs 
for issuer and recipient, and because it is a nym certificate, 
no loss of privacy.

Is there any web page set up to automatically issue such 
certificates?

The certs that IE and Outlook Express accept oddly do not seem 
to have any provision for defining what the certificate 
certifies.

This seems a curious and drastic omission from a certificate 
format.

Since there is no provision to define what a certificate 
certifies, one could argue that any certification authority 
that certifies anything other than a true name connected to a 
state issued id number, the number of the beast, is guilty of 
fraud.  This would seem to disturbingly limit the usefulness 
and application of such certificates.  It also, as anyone who 
tries to get a free certificate from Thawte will discover, 
makes it difficult, expensive, and inconvenient to get 
certificates.


    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     id/UsYl2xTf9Mswn+zhPXu3gZK4Hx7RMoDuc1LXZ
     4TEx1/ENp2au248aS2r/SqmAc7NKT8yzMwGTk3dOK


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
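
Added example, not part of the original message: a sketch of the "continuity of identity" check that the post attributes to SSH, where a client pins the key seen on first contact and only asks whether later keys match it. The PinStore class, the host names and the key bytes are constructed for illustration; the fingerprint format follows OpenSSH's SHA256 style.

```python
import base64
import hashlib


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class PinStore:
    """Hypothetical in-memory stand-in for a known_hosts file."""

    def __init__(self):
        self._pins = {}  # host -> fingerprint recorded on first contact

    def check(self, host: str, key_blob: bytes) -> str:
        seen = fingerprint(key_blob)
        pinned = self._pins.get(host)
        if pinned is None:
            # No certificate, no name check: the key is simply remembered.
            self._pins[host] = seen
            return "first-contact"
        if pinned == seen:
            # Same key as before: same peer as before, whoever that is.
            return "same-peer"
        # Continuity is broken. The pin is kept, not overwritten, so the
        # mismatch stays visible until an operator resolves it.
        return "key-changed"


def demo():
    # Constructed byte strings standing in for public key blobs.
    key_a = b"constructed-public-key-A"
    key_b = b"constructed-public-key-B"
    store = PinStore()
    return [
        store.check("shell.example.org", key_a),  # first visit
        store.check("shell.example.org", key_a),  # later visit, same key
        store.check("shell.example.org", key_b),  # key swapped
        store.check("shell.example.org", key_a),  # original key still pinned
        store.check("other.example.org", key_b),  # new host: accepted unseen
    ]


if __name__ == "__main__":
    print(demo())
```

The last call shows the limit of the scheme: a key offered on first contact is accepted without any evidence of who holds it, so the store certifies only that the peer is the same one as last time.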


