Recommendations For Personal Digital Certificates?

Keith M Ellis asks: "I've decided it's about time to fully utilize privacy and digital id technology into my internet use. I've used PGP off-and-on for years, of course; and have been half-aware of other services like VeriSign et al. However, now that I'm looking more closely at these technologies, I've been disappointed to find that there doesn't seem to be anything that seamlessly and relatively unobtrusively plugs-in to my various applications and OS. What are the current options for achieving this level of integration; and, if there really aren't any, I'm interested in any thoughts anyone might have about why this is the case and what the future might hold."

Thawte and SSNs

[Skjellifetti]

Thawte requires that you send them your Social Security Number, Passport Number, Drivers License Number or other ID number depending on your home country. This bothers me that my SSN is required to get a personal cert from Thawte. My SSN is already used in too many places.

Let me propose a different scheme. Suppose I printed out an application from a cert seller and took the application to my bank where I presented my ID and had my signature notorized. For extra protection, I could take the notorized page to my local or state government and have the local government provide certified proof that the notory is a legal notory in that jurisdiction (my wife and I had to do this recently for an international adoption). Now I return the application via snail mail (perhaps certified mail) and the cert seller issues me a certificate. The cert seller is protected since they have my notorized signature on file. And now there is no need for them to even know my government ID number.

Re:Why PGP is not integrated into applications

[Rick+the+Red]

Privacy and networking are not opposing forces. The drive to network led us to invent the postal service, and that came with privacy from day one. The analogy is simple: email is a postcard; encrypted email is a letter in an envelope. Even if most people will never read your emails, just as most people will never read your postcards, it is quite possible for your ISP (and many others you don't know) to read your emails, just as it's possible for everyone at the post office to read postcards.

Most people pay bills by mail without a second thought, but they would never pay bills by email. Perhaps that will change with univerally accepted encryption. The question is how to get there from here, and "one person at a time" is as good a way as any.