[Sussex] Computer Fair Tomorrow

Colin Tuckley colin at tuckley.org
Sat Nov 6 16:44:54 UTC 2004


Mark Harrison wrote:

> OK, Now I'm very confused.
> 
> If you don't do anything on a computer with the information, why is it
> collected?
> 
> The whole point of this is to issue certificates, surely?

Err... Yes... and No.

The point is to form a web of trust. To do this I check that you are who you 
say you are and then add "assurance points" to your CACERT account. Once you 
have enough points you can get your certificate signed by the CACERT root 
certificate. This being much more acceptable than a "self-signed" 
certificate. Also once you have enough points you can act as an assurer 
yourself.

At no time does any of your personal data get put into a computer - it's 
used purely to prove your identity to me. As Iain said this has been 
mentioned on the CACERT site recently.

The CACERT site has had a major rebuild recently, there is (somewhere) on it 
a FAQ about how their system works.

regards,

Colin

-- 
Colin Tuckley      |  colin at tuckley.org  |  PGP/GnuPG Key Id
+44(0)1903 236872  |  +44(0)7775 900262  |     0x1B3045CE

  "Waiter, there's no fly in my soup!" -- Kermit the frog




More information about the Sussex mailing list