[Sussex] Computer Fair Tomorrow
Colin Tuckley
colin at tuckley.org
Sat Nov 6 16:44:54 UTC 2004
Mark Harrison wrote:
> OK, Now I'm very confused.
>
> If you don't do anything on a computer with the information, why is it
> collected?
>
> The whole point of this is to issue certificates, surely?
Err... Yes... and No.
The point is to form a web of trust. To do this I check that you are who you
say you are and then add "assurance points" to your CACERT account. Once you
have enough points you can get your certificate signed by the CACERT root
certificate. This being much more acceptable than a "self-signed"
certificate. Also once you have enough points you can act as an assurer
yourself.
At no time does any of your personal data get put into a computer - it's
used purely to prove your identity to me. As Iain said this has been
mentioned on the CACERT site recently.
The CACERT site has had a major rebuild recently, there is (somewhere) on it
a FAQ about how their system works.
regards,
Colin
--
Colin Tuckley | colin at tuckley.org | PGP/GnuPG Key Id
+44(0)1903 236872 | +44(0)7775 900262 | 0x1B3045CE
"Waiter, there's no fly in my soup!" -- Kermit the frog
More information about the Sussex
mailing list