Differences between current version and predecessor to the previous major change of RobotCA.

Newer page: version 24 Last edited on Tuesday, October 11, 2005 12:09:38 am by AristotlePagaltzis
Older page: version 22 Last edited on Sunday, July 31, 2005 11:23:34 am by MattBrown
@@ -1,23 +1,23 @@
-Part of the [OpenPGP] PublicKeyInfrastructure. 
+A CertificationAuthority which automatically signs PublicKey~s which match some requirement. Part of the [OpenPGP] PublicKeyInfrastructure. 
  
-A CA which automatically signs public keys which match some requirement
+Typically [RobotCA]s are set up to validate that the a PublicKey belonging to an [Email] address does actually belong to the email address. This is achieved by the [RobotCA] signing each uid on the public key and sending the signed copy to the email address, encrypted with the public key. If the public key belongs to whoever reads the email address, they recieve the signed copy, can decrypt it and then publish it to the public KeyServer~s. If the public key does not belong to whoever reads the email address, they recieve are unable to decrypt the encrypted key, but the accompanying message gives them sufficient information to let them know that that someone is attempting to impersonate them
  
-Typically [RobotCA]s are set up to validate that the a public key belonging to an email address does actually belong to the email address. This is achieved by the [RobotCA] signing each uid on the public key and sending the signed copy to the email address, encrypted with the public key. If the public key belongs to whoever reads the email address, they recieve the signed copy, can decrypt it and then publish it to the public [KeyServer]s. If the public key does not belong to whoever reads the email address, they recieve are unable to decrypt the encrypted key, but the accompanying message gives them sufficient information to let them know that that someone is attempting to impersonate them.  
-  
- [RobotCA]s are considered significantly less secure that other CAs, which typically require multiple forms of photograph identification. In particular most robot CAs are only as strong as the underlying [Mail ] infrastructure: anyone who can read another persons mail can impersonate them and anyone who can read and delete another persons mail can get the signature without the person knowing. Robot CAs also offer no evidence as to the real identity of an OpenPGP user, merely their email address. All well behaved Robot CAs use a [SignaturePolicyURL], which is the [URL] of the policy under which the keys are signed. 
+[RobotCA]s are considered significantly less secure that other CAs, which typically require multiple forms of photograph identification. In particular most robot CAs are only as strong as the underlying [Email ] infrastructure: anyone who can read another persons mail can impersonate them and anyone who can read and delete another persons mail can get the signature without the person knowing. Robot CAs also offer no evidence as to the real identity of an [ OpenPGP] user, merely their email address. All well behaved Robot CAs use a [SignaturePolicyURL], which is the [URL] of the policy under which the keys are signed. 
  
 A [RobotCA] also has the side effect of serving as a TimeStampServer for keys---because a time stamp is included in the signature added to the key, the signature is evidence that the key existed at a certain point in time. 
  
 [RobotCA]s include: 
-# http://www.toehold.com/robotca/  
-# http://pgpkeys.telering.at/robotca/ (discontinued as per 25.01.2005 "due to legal considerations")  
-# http://www.imperialviolet.org/keyverify.html  
-# http://jameshoward.us/Robot_Certificate_Authority  
-# https://box.cardboard.net/crypto/robotca (up and then down again in May 2005)  
-# [PGPGlobalDirectory] (low security) 
+  
+* http://www.toehold.com/robotca/ (mail bouncing as at Oct 2005)  
+* http://pgpkeys.telering.at/robotca/ (discontinued as per 25.01.2005 "due to legal considerations")  
+* http://www.imperialviolet.org/keyverify.html  
+* http://jameshoward.us/Robot_Certificate_Authority  
+* https://box.cardboard.net/crypto/robotca (up and then down again in May 2005)  
+* [PGPGlobalDirectory] (low security)  
+  
 The first two use the same implementation, the first three are wrappers around [GPG]. 
  
-There are some [RobotCA]s which offer a a higher level of trust than simply verifying that email sent to the address list in the uid gets delivered to a holder of the secret key. Generally these are run by organisations and require some form of identification such as a passport. 
+There are some [RobotCA]s which offer a a higher level of trust than simply verifying that [Email] sent to the address list in the uid gets delivered to a holder of the secret key. Generally these are run by organisations and require some form of identification such as a passport. 
  
-# http://cacert.org/  
-# http://www.heise.de/security/dienste/pgp/keys.shtml (German language) 
+* http://cacert.org/  
+* http://www.heise.de/security/dienste/pgp/keys.shtml (German language)
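
Review bot: The new link markup in the security paragraph has stray spaces inside the brackets, "[Email ]" and "[ OpenPGP]", which may keep them from resolving to the Email and OpenPGP pages; write them as "[Email]" and "[OpenPGP]". The rewritten validation paragraph also loses its final full stop after "impersonate them" and carries the old wording errors over unchanged ("that the a PublicKey", "recieve", "they recieve are unable to decrypt", "that that someone"), as do "less secure that other CAs" and "a a higher level of trust" further down, so this edit is a good place to fix them. Because that paragraph says the robot signs "each uid" but mails the signed copy to "the email address", it would also help to state that each signed uid is sent only to that uid's own address, since the current wording leaves open whether one mailbox could receive signatures covering every address on the key.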