Educause Security Discussion mailing list archives

Re: Discontinuance of Thawte personal email certificates and Web of Trust


From: jeff murphy <jcmurphy () BUFFALO EDU>
Date: Wed, 30 Sep 2009 11:15:40 -0400


On Sep 30, 2009, at 11:09 AM, Valdis Kletnieks wrote:

On Wed, 30 Sep 2009 10:47:34 EDT, jeff murphy said:

Ignoring personal accounts, it would be interesting to see EDUCAUSE
(identity & access mgmt) investigate whether this can be provided to
EDUs. Similar to the way .edu is managed by EDUCAUSE, perhaps it's
possible to obtain an EDUCAUSE chained root cert by one of the
existing roots (IPS?) and then allow EDUs to issue email/TLS certs for
themselves using an EDUCAUSE hosted interface. The ability to do this
for TLS (SSL) certs alone would be a significant win, from a financial
and security perspective, for the EDU community.

Or just leverage the CACert project?

http://www.cacert.org/

I'm pretty sure CAcert doesn't have its root in any of the browsers,
which is why I didn't bring it up. That's usually the stumbling block
for doing this -- the lack of distribution of your root (or in the
case of a chained root, the root of whoever chained it for you) with
the common operating systems. For this to be successful, it needs to
be as close to trivial as possible, and that means, imo, not requiring
that users/IT support/etc. load a root cert into their OS.

jeff
