On Fri, 26 Apr 2002, E.L. Willighagen wrote:
> How is this different from PGP/GPG signatures? Is it the same? These signatures do not cost me $150 and I can sign and encrypt documents in my email program too...

The technology is similar. You can create self-signed certs with http://www.openssl.org/ quite easily. See below for simple instructions http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/custom-guide/s1-inst...

The idea of certs is built on trust. In absence of a web of trust in the scientific community (because the average scientist is too dense to grok basic concepts of trust and public key cryptography) you rely on an authority -- Thawte/Verisign in this case -- doing the work for you. Inasmuch the authority exercises the proper diligence to verify your identity (by relating to already existing trust agencies, as e.g. verifying your photo ID since Thawte can't possibly know every John Doe) is everybody's guess.

In theory a self-signed cert even in absence of a web of trust can build reputation, the question is whether people and agencies will go through pains to track the reputation.

chemweb: A list for Chemical Applications of the Internet.
To post to list: mailto:chemweb@ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/chemweb/
To (un)subscribe, mailto:majordomo@ic.ac.uk the following message; (un)subscribe chemweb
List coordinator, Henry Rzepa (mailto:rzepa@ic.ac.uk)
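
The self-signed certificate mentioned in the reply above, as an added example that is not part of the original message: it creates one with the `openssl` command line and shows that a verifier rejects it against the default CA store but accepts it once that exact certificate is explicitly chosen as a trust anchor. The file names, the subject name and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: what "trust" means for a self-signed certificate.
# File names and the subject CN below are constructed, not from the thread.

make_self_signed() {
    # $1 = working directory; writes key.pem and cert.pem (valid 30 days).
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -days 30 -subj "/CN=Constructed Example Scientist" 2>/dev/null
}

verify_default() {
    # Verify against the system's default CA store. No authority vouches
    # for this certificate, so this is expected to fail (non-zero exit).
    openssl verify "$1/cert.pem" >/dev/null 2>&1
}

verify_pinned() {
    # Verify with the certificate itself as the only trust anchor, i.e.
    # the recipient has decided on their own to trust this exact cert.
    openssl verify -CAfile "$1/cert.pem" "$1/cert.pem" >/dev/null 2>&1
}

fingerprint() {
    # SHA-256 fingerprint: the value a recipient would compare over another
    # channel and keep on record to track the certificate over time.
    openssl x509 -in "$1/cert.pem" -noout -fingerprint -sha256
}

demo_dir=$(mktemp -d)
make_self_signed "$demo_dir"
if verify_default "$demo_dir"; then
    echo "default CA store: trusted"
else
    echo "default CA store: NOT trusted (no authority signed it)"
fi
if verify_pinned "$demo_dir"; then
    echo "explicitly pinned: trusted"
else
    echo "explicitly pinned: NOT trusted"
fi
fingerprint "$demo_dir"
rm -rf "$demo_dir"
```

The cryptography is identical in both verification calls; only the verifier's choice of trust anchor changes the outcome.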