Slashdot Mirror


Recommendations For Personal Digital Certificates?

Keith M Ellis asks: "I've decided it's about time to fully utilize privacy and digital ID technology into my internet use. I've used PGP off-and-on for years, of course; and have been half-aware of other services like VeriSign et al. However, now that I'm looking more closely at these technologies, I've been disappointed to find that there doesn't seem to be anything that seamlessly and relatively unobtrusively plugs in to my various applications and OS. What are the current options for achieving this level of integration; and, if there really aren't any, I'm interested in any thoughts anyone might have about why this is the case and what the future might hold."

4 of 17 comments

  1. Thawte by danielrose · · Score: 3, Informative

    Thawte digital signatures integrate really well into MS Outlook (at least Outlook 2K).
    PGP also integrates nicely into Outlook 2K. GPG, however, does better in Outlook Express.

    --
    i hate pansy republicans
    1. Re:Thawte by mirabilos · · Score: 2, Informative

      Thawte does not only integrate nicely into OjE,
      but in nearly any product I've seen.
      I for example get my freemail cert via IE, then
      export it as .pfx (M$ home-brown pkcs#12 extension)
      and convert it to PEM via openssl pkcs12.
      These files I can use with, e.g. openssl smime.

      Thawte's free mail certs are good because they
      are free and their root cert is in nearly any known
      browser (and IIRC in the openssl source, too).

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
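
The export-and-convert workflow described in the comment above (.pfx to PEM with `openssl pkcs12`, then `openssl smime`), as an added example that is not part of the original comment. The self-signed certificate, passphrase, file names and the `smime_roundtrip` function are constructed stand-ins for a CA-issued mail certificate exported from a browser.

```shell
#!/bin/sh
# Added example. The self-signed certificate, passphrase and message are
# constructed stand-ins for a CA-issued mail cert exported from a browser.
smime_roundtrip() {
    dir=$(mktemp -d) || return 1
    pass='constructed-demo-passphrase'

    # Stand-in for the cert the browser holds: throwaway key + self-signed cert.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Demo User/emailAddress=demo@example.invalid' \
        -keyout "$dir/orig.key" -out "$dir/orig.crt" 2>/dev/null || return 1

    # Stand-in for the browser's export step: bundle both into a .pfx.
    openssl pkcs12 -export -inkey "$dir/orig.key" -in "$dir/orig.crt" \
        -passout "pass:$pass" -out "$dir/export.pfx" || return 1

    # Convert the .pfx to PEM, certificate and key in separate files.
    # -nodes writes the private key unencrypted, so restrict the umask first.
    ( umask 077
      openssl pkcs12 -in "$dir/export.pfx" -passin "pass:$pass" \
          -clcerts -nokeys -out "$dir/cert.pem" &&
      openssl pkcs12 -in "$dir/export.pfx" -passin "pass:$pass" \
          -nocerts -nodes -out "$dir/key.pem" ) 2>/dev/null || return 1

    # Sign a message with the converted files.
    printf 'hello from the constructed demo\n' > "$dir/msg.txt"
    openssl smime -sign -in "$dir/msg.txt" -signer "$dir/cert.pem" \
        -inkey "$dir/key.pem" -out "$dir/msg.eml" || return 1

    # Verify: the self-signed cert is its own trust anchor here; with a real
    # cert, -CAfile would point at the issuing CA's root instead.
    openssl smime -verify -in "$dir/msg.eml" -CAfile "$dir/cert.pem" \
        -out "$dir/verified.txt" 2>/dev/null
    status=$?

    # S/MIME canonicalises line endings to CRLF; strip CR for display.
    [ "$status" -eq 0 ] && tr -d '\r' < "$dir/verified.txt"
    rm -rf "$dir"
    return "$status"
}

smime_roundtrip
```

With a real export, let `openssl pkcs12` prompt for the passphrase instead of passing it on the command line, where it is visible in the process list. OpenSSL 3.x may need `-legacy` to read a .pfx written with older algorithms such as RC2.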
  2. Low cost certs by Anonymous Coward · · Score: 1, Informative

    The lowest cost certificates I have found are from those guys here advertising on Slashdot with the $120 certificates.

  3. Re:CAs by coyote-san · · Score: 3, Informative

    If it's so easy, why haven't you done it?

    You're correct that it's not difficult to sign certs. But a CA needs to do a lot more than that. You need to be able to handle revocations and renewals, while avoiding the fraudulent revocations and renewals by third parties. You need to be able to publish the certs and CRLs to any interested party. You need to provide the standard search methods.

    And once you've done all of that, you're still left with the question of exactly what the cert means. A free cert that shows nothing but the fact that you have an email address isn't particularly useful. It gives you encrypted email, but no real authentication.

    That's better than nothing, but I suspect the other people working on CA projects feel that we'll get more benefit from our efforts elsewhere.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken