Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
RobotCA
Edit
PageHistory
Diff
Info
LikePages
You are viewing an old revision of this page.
View the current version
.
Part of the [PGP]/[GPG] [PKI]. A CA which automatically signs public keys which match some requirement. Typically [RobotCA]s are set up to validate that the a public key belonging to an email address does actually belong to the email address. This is achieved by the [RobotCA] signing each uid on the public key and sending the signed copy to the email address, encrypted with the public key. If the public key belongs to whoever reads the email address, they recieve the signed copy, can decrypt it and then publish it to the public [KeyServer]s. If the public key does not belong to whoever reads the email address, they recieve are unable to decrypt the encrypted key, but the accompanying message gives them sufficient information to let them know that that someone is attempting to impersonate them. [RobotCA]s are considered significantly less secure that other CAs, which typically require multiple forms of photograph identification. In particular they are only as strong as the underlying [Mail] infrastructure. Currently there are two [RobotCA]s in widespread use: # http://www.toehold.com/robotca/ # http://pgpkeys.telering.at/robotca/ (I've used both of these [RobotCA]s -- StuartYeates)
6 pages link to
RobotCA
:
PublicKeyInfrastructure
PGPGlobalDirectory
KeySigningScripts
TimeStampServer
SignaturePolicyURL
KeySigningParty