Differences between version 12 and revision by previous author of RobotCA.

Newer page: version 12 Last edited on Friday, February 25, 2005 1:45:55 am by StuartYeates
Older page: version 9 Last edited on Wednesday, January 26, 2005 11:16:27 am by PeterPramb
@@ -7,16 +7,17 @@
 [RobotCA]s are considered significantly less secure that other CAs, which typically require multiple forms of photograph identification. In particular most robot CAs are only as strong as the underlying [Mail] infrastructure: anyone who can read another persons mail can impersonate them and anyone who can read and delete another persons mail can get the signature without the person knowing. Robot CAs also offer no evidence as to the real identity of an OpenPGP user, merely their email address. All well behaved Robot CAs use a [SignaturePolicyURL], which is the [URL] of the policy under which the keys are signed. 
  
 A [RobotCA] also has the side effect of serving as a TimeStampServer for keys---because a time stamp is included in the signature added to the key, the signature is evidence that the key existed at a certain point in time. 
  
-Currently there are four [RobotCA]s in widespread use
+[RobotCA]s include
 # http://www.toehold.com/robotca/ 
 # http://pgpkeys.telering.at/robotca/ (discontinued as per 25.01.2005) 
 # http://www.imperialviolet.org/keyverify.html 
-# [PGPGlobalDirectory] (WARNING: __VERY__ low security)<br>  
-  
+# http://www.jameshoward.us/content/view/81/75/ (failing to return signed keys (25 Jan 2005))  
+# http://cardboard.net/robotca/ (URL not reachable (25 Jan 2005))  
+ # [PGPGlobalDirectory] (WARNING: __VERY__ low security) 
 The first two use the same implementation, the first three are wrappers around [GPG]. 
 (I've used all these [RobotCA]s -- StuartYeates) 
  
 There are some [RobotCA]s which offer a a higher level of trust than simply verifying that email sent to the address list in the uid gets delivered to a holder of the secret key. Generally these are run by organisations and require some form of identification such as a passport. 
  
 # http://cacert.org/
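Review bot: The re-added `[PGPGlobalDirectory]` item starts with a space before the `#`, unlike the two entries added just above it, and the blank line that used to separate the list from "The first two use the same implementation..." is removed. Depending on how the wiki parses lists, either change can drop that item out of the numbered list or fold the following paragraph into it, so start the line at `#` and keep the blank line after the list. The two new entries are annotated as failing to return signed keys and as unreachable, yet they sit in the same list as working services, directly above the unchanged "(I've used all these [RobotCA]s ...)" remark. Consider moving them under a separate heading for non-working services, as the "(discontinued as per 25.01.2005)" entry suggests, and using one date format for all three annotations.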