Recommendations For Personal Digital Certificates? 17
Keith M Ellis asks: "I've decided it's about time to fully utilize privacy and digital id technology into my internet use. I've used PGP off-and-on for years, of course; and have been half-aware of other services like VeriSign et al. However, now that I'm looking more closely at these technologies, I've been disappointed to find that there doesn't seem to be anything that seamlessly and relatively unobtrusively plugs-in to my various applications and OS. What are the current options for achieving this level of integration; and, if there really aren't any, I'm interested in any thoughts anyone might have about why this is the case and what the future might hold."
Thawte (Score:3, Informative)
PGP also integrates nicely into Outlook 2K. GPG however does better in Outlook Express.
Re:Thawte (Score:2, Informative)
but in nearly any product I've seen.
I for example get my freemail cert via IE, then
export it as
and convert it to PEM via openssl pkcs12.
These files I can use with, e.g. openssl smime.
Thawte's free mail certs are good because they
are free and their root cert is in nearly any known
browser (and IIRC in the openssl source, too).
Why PGP is not integrated into applications (Score:1)
Re:Why PGP is not integrated into applications (Score:3, Insightful)
Most people pay bills by mail without a second thought, but they would never pay bills by email. Perhaps that will change with univerally accepted encryption. The question is how to get there from here, and "one person at a time" is as good a way as any.
Low cost certs (Score:1, Informative)
Re:Low cost certs (Score:1)
Those are SERVER certificates (Score:1)
Digital Certificates (Score:1)
Tony Maupin
Tony@TheMaupins.com
Thawte and SSNs (Score:2, Insightful)
Let me propose a different scheme. Suppose I printed out an application from a cert seller and took the application to my bank where I presented my ID and had my signature notorized. For extra protection, I could take the notorized page to my local or state government and have the local government provide certified proof that the notory is a legal notory in that jurisdiction (my wife and I had to do this recently for an international adoption). Now I return the application via snail mail (perhaps certified mail) and the cert seller issues me a certificate. The cert seller is protected since they have my notorized signature on file. And now there is no need for them to even know my government ID number.
Easy Windows use for the avg. Joe? (Score:1)
If you're looking for ease of use and seamless integration with Windows OS and email (for the average Joe), you can try Cypherus and/or Ensuredmail (both listed at http://www.onlineprivacystore.com ). Ensuredmail is just great for seamless self-opening email encryption to ANYONE with a Java-capable browser (i.e. without using PKI). The more capable Cypherus makes using PKI with Windows email as seamless as possible, and it can also separately create compressed (Zip-comparable) self-decrypting archives from any groups of files/folders whether for local security use, email attachments, etc. Both make set-up and day-to-day use simple point-n-click affairs (especially with their intelligent Outlook integration).
I've been running both on my oldest workhorse Win PC, but my poor Outlook apparently's been overloaded with too many plug-ins and is giving me fits...
Depends on purpose, but there are options (Score:4, Interesting)
If you're looking for a solution that's cross-platform, there are options for most any OS for either a PGP-ish solution or a X.509-based solution (traditional Verisign-issued certificates), but as things are today, PGP-based solutions are generally easier for UNIX while X.509-based solutions are generally easier for Windows.
For Windows, a lot of the certificate stuff is built in, which makes it easy for applications to support it. There are PGP plug-ins, which, while not exactly polished, have worked for me in the past. (Function over form, if you ask me.)
For UNIX, you'll generally need OpenSSL-based software if you want to make use of X.509. For e-mail, mutt even has support for these certificates (which is how I'm starting to do things today, so that less savvy Windows users can get my signed messages without having to install extra PGP software).
If you ask me, the digital certificate approach seems to be winning out, for the usual Microsoft reasons. I personally like the way PGP-style authentication is done, where you explicitly trust your closest friends, and other peoples' keys can have trust inherited from that, etc. The way things are now, you kind of have to assume that the certificates you're given (bundled in your application) are really trustworthy. Given the volume of such certificates bundled in browsers today, it's only a matter of time before one of those barely-recognizable companies get their certificates compromised, at which point things are going to start sucking.
Re:Depends on purpose, but there are options (Score:2)
Where are the PGP key servers? "Trust" is a nice concept, but you still need to be able to communicate with strangers with no common mutual friends. You still need to be able to check whether a key has been compromised/revoked.
In some ways more importantly, where's the continuity? I can revoke a cert, issue a new one, and it shouldn't cause any problem for most users. But if you revoke your cert (e.g., because I know it's been compromised) how can I transparently transition to your next cert.
I think what many people have forgotten is that PGP was never intended to replace centralized authorities, just to provide an alternative at a time when it looked very possible that a government monopoly on certs (with mandatory key escrow) could be put into place. PKIX makes a lot more sense for most situations, as long as there's not a single government-mandated provider.
CAs (Score:3, Interesting)
Re:CAs (Score:3, Informative)
You're correct that it's not difficult to sign certs. But a CA needs to do a lot more than that. You need to be able to handle revocations and renewals, while avoiding the fradulent revocations and renewals by third parties. You need to be able to publish the certs and CRLs to any interested party. You need to provide the standard search methods.
And once you've done all of that, you're still left with the question of exactly what the cert means. A free cert that shows nothing but the fact that you have an email address isn't particularly useful. It gives you encrypted email, but no real authentication.
That's better than nothing, but the suspect the other people working on CA projects feel that we'll get more benefit from our efforts elsewhere.
Re:CAs (Score:1)
Re:CAs (Score:2)
The problem is that a production CA almost certainly follows nesting 90-10 rules. 90% (or more) of the time is spent on lookups, with 10% for everything else. 90% of *that* is spent authenticating the identity of people requesting some action, 10% is spent actually doing the work. Yet most of the OSS CA code focuses on that sexy 1%, not the boring (but critical) 99%.
As for openca in particular, I seem to recall that it used a storage mechanism similar to that used by the openssl ca approach. That's separate files, with symlinks from the 32-bit hash of the entire key. That's good enough for a proof-of-concept toy, but a CA needs to be able to support *fast* searches on 6-8 separate search keys (e.g., subject DN, issuer DN, issuer + SN, hashses of same, subject keyid, whole-cert hash, and ideally components of the DNs.) And those hases are should be the full 160-bit SHA1 hash, base64 encoded.
The CA also needs to support these lookups through LDAP and HTTP, and should be able to present the information in a variety of formats for the various users.
That's why I wrote my PKIX extensions to PostgreSQL, and the cert repository code in JSP/servlets. Not because I expect to have million-record repositories, but because it's easy to integrate the repository with other systems. It's why the author of EJBCA is using EJB in his CA - again it provides an easy way to integrate with other systems via J2EE.
Since I could create such a public CA easily enough, why don't I? Simple - I feel my time is better spent figuring out how to work with crypto java cards under Linux, not creating what amounts to a toy. Or using the same certs to provide strong encryption in PostgreSQL. (In fact, I originally implemented an OpenPGP style encryption, then switched to PKCS7 cert style encryption. Basic crypto support is already available, but full support requires extensions to the grammar and a lot more DB-specific knowledge than I have at the moment.) Or continuing to develop my CD-R backup program that so that the compressed tar files are encrypted. Again, for technical reasons I started with OpenPGP formatting and switched to PKCS7.