Hi Adam,
> From: Adam Back <[EMAIL PROTECTED]>
> Date: Fri, 30 Jul 2004 17:54:56 -0400
> To: Aram Perez <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED], Cryptography <[EMAIL PROTECTED]>, Adam
> Back <[EMAIL PROTECTED]>
> Subject: Re: should you
Aram Perez <[EMAIL PROTECTED]> writes:
>I agree with Michael H. If you trust the CA to issue a cert, it's not that
>much more to trust them with generating the key pair.
Trusting them to safely communicate the key pair to you once they've generated
it is left as an exercise for the reader :-).
P
At 02:09 PM 7/28/04 -0400, Adam Back wrote:
>The difference is if the CA does not generate private keys, there
>should be only one certificate per email address, so if two are
>discovered in the wild the user has a transferable proof that the CA
>is up-to-no-good. Ie the difference is it is detect
On Wed, Jul 28, 2004 at 10:00:01PM -0700, Aram Perez wrote:
> As far as I know, there is nothing in any standard or "good security
> practice" that says you can't multiple certificate for the same email
> address. If I'm willing to pay each time, Verisign will gladly issue me a
> certificate with m
Hi Adam,
> The difference is if the CA does not generate private keys, there
> should be only one certificate per email address, so if two are
> discovered in the wild the user has a transferable proof that the CA
> is up-to-no-good. Ie the difference is it is detectable and provable.
As far as
At 12:09 PM 7/28/2004, Adam Back wrote:
The difference is if the CA does not generate private keys, there
should be only one certificate per email address, so if two are
discovered in the wild the user has a transferable proof that the CA
is up-to-no-good. Ie the difference is it is detectable and
The difference is if the CA does not generate private keys, there
should be only one certificate per email address, so if two are
discovered in the wild the user has a transferable proof that the CA
is up-to-no-good. Ie the difference is it is detectable and provable.
If the CA in normal operatio
