Penguin
Recent Changes

Differences between version 2 and previous revision of RobotCA.

Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History

Newer page: version 2 Last edited on Friday, March 12, 2004 4:59:32 am by StuartYeates Revert
Older page: version 1 Last edited on Monday, March 8, 2004 5:02:50 am by StuartYeates Revert
@@ -3,11 +3,17 @@
 A CA which automatically signs public keys which match some requirement. 
  
 Typically [RobotCA]s are set up to validate that the a public key belonging to an email address does actually belong to the email address. This is achieved by the [RobotCA] signing each uid on the public key and sending the signed copy to the email address, encrypted with the public key. If the public key belongs to whoever reads the email address, they recieve the signed copy, can decrypt it and then publish it to the public [KeyServer]s. If the public key does not belong to whoever reads the email address, they recieve are unable to decrypt the encrypted key, but the accompanying message gives them sufficient information to let them know that that someone is attempting to impersonate them. 
  
-[RobotCA]s are considered significantly less secure that other CAs, which typically require multiple forms of photograph identification. In particular they are only as strong as the underlying [Mail] infrastructure. 
+[RobotCA]s are considered significantly less secure that other CAs, which typically require multiple forms of photograph identification. In particular most are only as strong as the underlying [Mail] infrastructure: anyone who can read another persons mail can impersonate them and anyone who can read and delete another persons mail can get the signature without the person knowing
  
-Currently there are two [RobotCA]s in widespread use: 
+Currently there are three [RobotCA]s in widespread use: 
 # http://www.toehold.com/robotca/ 
 # http://pgpkeys.telering.at/robotca/ 
+# http://www.imperialviolet.org/keyverify.html  
  
-(I've used both of these [RobotCA]s -- StuartYeates) 
+The first two use the same implementation, but all three are wrappers around [GPG].  
+ (I've used all these [RobotCA]s -- StuartYeates)  
+  
+There are some [RobotCA]s which offer a a higher level of trust than simply verifying that email sent to the address list in the uid gets delivered to a holder of the secret key. Generally these are run by organisations and require some form of identification such as a passport.  
+  
+# http://cacert.org/