Stephen,
The Thawte processes actually exceed IGTF standards in some respects (e.g.
face to face with 2 photo IDs, not just one, and the need to appear in front
of several notaries, not just one.). I am a Thawte Notary (as are many of
the IGTF people). The email address contained within the cert is confirmed
as part of the procedure. IGTF uses these as one way of securing
communications between members of the PMAs (PGP is another) - we cannot
discuss problems with the IGTF trust fabric using the same fabric!
You won't even get asked if you trust it, of course, because it is in the IE
and Mozilla trusted root CA lists.
HOWEVER.... Don't get too excited about this. Thawte have announced that
they will cease to issue these free personal certificates within the coming
weeks.
TERENA are also just about to offer free (at point of issue) personal
certificates, but I don't think that JANET(UK) has signed up for this yet,
but this may be possible in the future. The UK is signed up for the SSL
server certificate issuing scheme by the way.
Regards
Dave
(this mail signed with my Thawte credential)
------------------------------------------------
Dr David Kelsey
Particle Physics Department
Rutherford Appleton Laboratory
Chilton, DIDCOT, OX11 0QX, UK
e-mail: [log in to unmask]
Tel: [+44](0)1235 445746 (direct)
Fax: [+44](0)1235 446733
------------------------------------------------
> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Stephen Burke
> Sent: 01 October 2009 11:26
> To: [log in to unmask]
> Subject: Re: email encryption
>
> Testbed Support for GridPP member institutes
> > [mailto:[log in to unmask]] On Behalf Of Mingchao Ma said:
> > Now, it is sorted. I got a personal certificate issued by Thawte,
> > which is trusted commercial CA. Your browser/email client
> will trust
> > it by default. I digitally signed this email, check it out!
>
> Hmm ... I'm not sure I'm convinced, I have no idea what
> evidence of identity Thawte requires to issue a certificate
> whereas I do know what the UK CA requires, and I'm more
> inclined to trust the latter. Also I can be pretty sure that
> the Mingchao Ma the UK CA knows about is the same one who is
> the gridpp security officer, but Thawte may have issued a
> certificate to some completely different Mingchao Ma who is
> now trying to fool us :)
>
> Stephen
> --
> Scanned by iCritical.
>
|