--
On 1 Sep 2003 at 12:23, Ian Grigg wrote:
> I suspect the widest use of public key crypto in a non-PKI
> context would be SSH, which opportunistically generates keys
> rather than invite the user to fund a PKI. According to this
> page [1], there may or may not be 2,400k SSH servers

This of course enormously dwarfs the use of PKI certificates.

Why?

Because an SSH server uses its public key to prove continuity of identity, rather than true names, and this is a lot easier than true names.

Outlook and Outlook Express support digital signing and encryption -- but one must first get a certificate.

So I go to Thawte to get my free certificate, and find that Thawte is making an alarmingly great effort to link certificates with true name information, and with the beast number that your government has assigned to you, which imposes large costs both on Thawte, and on the person seeking the certificate, and also has the highly undesirable effect that using these certificates causes major loss of privacy, by enabling true name and beast number contact tracing of people using encryption.

Now what I want is a certificate that merely asserts that the holder of the certificate can receive email at such and such an address, and that only one such certificate has been issued for that address. Such a certification system has very low costs for issuer and recipient, and because it is a nym certificate, no loss of privacy.

Is there any web page set up to automatically issue such certificates?

The certs that IE and Outlook Express accept oddly do not seem to have any provision for defining what the certificate certifies. This seems a curious and drastic omission from a certificate format. Since there is no provision to define what a certificate certifies, one could argue that any certification authority that certifies anything other than a true name connected to a state-issued ID number, the number of the beast, is guilty of fraud. This would seem to disturbingly limit the usefulness and application of such certificates. It also, as anyone who tries to get a free certificate from Thawte will discover, makes it difficult, expensive, and inconvenient to get certificates.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     id/UsYl2xTf9Mswn+zhPXu3gZK4Hx7RMoDuc1LXZ
     4TEx1/ENp2au248aS2r/SqmAc7NKT8yzMwGTk3dOK
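
The "continuity of identity" model that the message above attributes to SSH, as an added example that is not part of the original post or of any SSH implementation: a pin store that remembers the first key seen for a name and flags any later change. The class name `ContinuityStore`, the verdict strings and the sample key blobs are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(key)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

class ContinuityStore:
    """Hypothetical pin store: remembers the first key seen for each name."""

    def __init__(self):
        self._pins = {}  # name -> fingerprint; no true-name data is kept

    def check(self, name: str, key_blob: bytes) -> str:
        name = name.lower()
        seen = fingerprint(key_blob)
        pinned = self._pins.get(name)
        if pinned is None:
            # First contact: nothing vouches for the key, so just remember it.
            self._pins[name] = seen
            return "first-contact"
        if hmac.compare_digest(pinned, seen):
            return "same-key"
        # Continuity broken: a re-key or an impersonation. Do not auto-accept.
        return "key-changed"

    def repin(self, name: str, key_blob: bytes, verified_out_of_band: bool) -> bool:
        """Replace a pin only after the operator verified the new key elsewhere."""
        if not verified_out_of_band:
            return False
        self._pins[name.lower()] = fingerprint(key_blob)
        return True

# Constructed sample key blobs (not real SSH keys).
KEY_A = b"constructed-host-key-A"
KEY_B = b"constructed-host-key-B"

def demo():
    store = ContinuityStore()
    results = [store.check("Server.Example", KEY_A),   # pinned on first use
               store.check("server.example", KEY_A),   # same key, same identity
               store.check("server.example", KEY_B)]   # different key: flagged
    results.append(store.repin("server.example", KEY_B, verified_out_of_band=False))
    results.append(store.check("server.example", KEY_A))  # old pin still in force
    return results

if __name__ == "__main__":
    print(demo())
```

The store proves only that the same key holder is answering as before; the first contact is unauthenticated, which is the trade this model makes in place of a certificate authority.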