The difference is if the CA does not generate private keys, there should be only one certificate per email address, so if two are discovered in the wild the user has a transferable proof that the CA is up-to-no-good. Ie the difference is it is detectable and provable.
If the CA in normal operation generates and keeps (or claims to delete) the user private key, then CA misbehavior is _undetectable_. Anyway if you take the WoT view, anyone who may have a conflict of interest with the CA, or if the CA or it's employees or CPS is of dubious quality; or who may be a target of CA cooperation with law enforcement, secrete service etc would be crazy to rely on a CA. WoT is the answer so that the trust maps directly to the real world trust. (Outsourcing trust management seems like a dubious practice, which in my view is for example why banks do their own security, thank-you-very-much, and don't use 3rd party CA services). In this view you use the CA as another link in the WoT but if you have high security requirements you do not rely much on the CA link. Adam On Wed, Jul 28, 2004 at 11:15:16AM -0400, [EMAIL PROTECTED] wrote: > I would like to point out that whether or not a CA actually has the > private key is largely immaterial because it always _can_ have the > private key - a CA can always create a certificate for Alice whether or > not Alice provided a public key. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]