Re: LUG: Keys, signatures, etc. - Thu, 06 Oct 2005 08:54:44 -0400

Subject : Re: LUG: Keys, signatures, etc.

From : Elliot Peele <ebpeele2@ncsu.[redacted]>

Date : Thu, 06 Oct 2005 08:54:44 -0400

On Thu, 2005-10-06 at 08:25 -0400, M Rulison wrote:
> "Signatures" (certificates) used to establish the bona fides of a
> message sender may be established in two ways:

Both of these are correct for generic signing of certificates used for
identification.

> 1. A signature "party" in which one or more persons ('signors')
> verify that the 'signee' is indeed identifiable (photo id's,
> etc.) that he/she is who he/she says he/she is. Signors then
> add their own keys to that of the signee. Cost: some time and
> computer logons.

This is mostly applies to PGP keys.

> 1. a 'Signor' indentifies him-herself satisfactorily to Verisign
> or other vouching organization, either as an individual or a
> business, etc. Said organization then issues a certificate
> (key). Cost: some time and an annual fee, e.g. $40.

Where as this applies to SSL certificates. Where a signing authority,
such as Verisign, can create a SSL certificate for you. People trust
your certificate because they trust Verisign.

You can use x509 certificates for personal identification, within an
organization such as NCSU for instance, but as far as I know its not
really used on a large scale at this point.

Elliot

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQCVAwUAQ0UelL84n0QT6+VCAQKMWwQApRzxtz+Ha0GhPFO79rs1Ljph/2gab66i
csSTb6qy7agoty9muzJG0zVMk2AjyJ0oDsqSUiInVSZkUlAOoifNZdaOpUVwWNoL
Sq4PSVIQJd+vsp6WaJ+R6Xt0c5ZcmYkAZbfK5txzr9ll+OUlAHVswrb5uOQ6G+xd
KS8aXrVi9fI=
=V2Su
-----END PGP SIGNATURE-----