Full Disclosure mailing list archives
RE: PGP vs. certificate from Verisign
From: Daniel Tams <dantams () myrealbox com>
Date: 11 May 2003 00:00:33 +0200
Yes, they still offer the free certificate. I have one myself. Here http://www.dallaway.com/acad/webstart/ is a writeup on how you can use that free certificate to even sign your Java apps. It is very annoying however that only very few developers properly sign their public keys/certtificates. Most just self-sign it. This is the case with X.509 as well as PGP. Whether you use PGP or X.509 you should always make sure it is signed by someone else, preferrably someone trusted, otherwise the whole idea goes down the sink as any script kiddie could create a public key/certificate with your name and e-mail address on it. The hard part is getting others to vouch for its authenticity. At some computer fairs you will find a booth where you can get your public PGP key signed by a trusted authority (at the CeBit it's c't magazine). - Daniel On Fri, 2003-05-09 at 23:48, Evans, TJ (BearingPoint) wrote:
At one time, i.e. - don't know if it still the case - Thawte would
issue a
"personal cert" free. One advantage PGP has is the existing infrastructure for key
distribution,
so that you do not necessarily need to have someone's public key (yet)
in
order to encrypt to them or verify their signature. If they have
pushed it
out to the publicly accessible key-servers you can get it as needed.
But
again - it depends on what problem you are trying to solve and your preferred method of doing so. TJ
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: PGP vs. certificate from Verisign, (continued)
- RE: PGP vs. certificate from Verisign Evans, TJ (BearingPoint) (May 09)
- Re: PGP vs. certificate from Verisign yossarian (May 09)
- Re: PGP vs. certificate from Verisign Jason (May 10)
- Re: PGP vs. certificate from Verisign yossarian (May 10)
- Re: PGP vs. certificate from Verisign Jason (May 10)
- Re: PGP vs. certificate from Verisign yossarian (May 10)
- Re: PGP vs. certificate from Verisign yossarian (May 09)
- RE: PGP vs. certificate from Verisign Evans, TJ (BearingPoint) (May 09)
- Re: PGP vs. certificate from Verisign Shawn McMahon (May 11)
- Re: PGP vs. certificate from Verisign yossarian (May 12)
- Re: PGP vs. certificate from Verisign Shawn McMahon (May 12)