Actually, they can be worth a fair bit; it depends on the circumstances.
Take the following scenario:
1) Bank wants to authenticate its users via certs, but doesn't want
to become a certificate issuer.
2) Bank trusts N certificate providers that do nothing but guarantee
that the cert is unique.
3) Bank provides, as part of customer signup, a way to authenticate
the user against an already existing certificate. (E.g.
"Ok, we know you are a user using cert X from CA N. Now give
us your userid and password.")
Customer provides this information, validated against the
back end.
After the above dialogue, the certificate has now been associated
with the user in question.
There may be limited business value in doing such work, because of
the pain that certificate management entails, and their portability
problems, etc.
However, an automated certificate _can_ have value.
Another scenario that may have value:
1) User requests a certificate from an "auto-signing" CA
2) The CA takes the request, but before giving back the
cert, collects the user's email
3) The user is then sent an email message containing
a unique activation code in a URL
4) The user receives the email and clicks on the link.
5) The certificate is downloaded into the browser after
verifying the activation code.
What does the above show? (Providing I haven't missed any
glaring holes in the above? anyone?) That the user with
the specified certificate has the specified email address,
which can be embedded in the certificate.
That may have a whole slew of values in the secure-email
world, and can be set up on a 100% automated basis.
Cheers, Thomas
Tom Jordan wrote:
>
> What's the value of an automated signing procedure? If you're signing certs
> in an automated fashion, how much are they really worth (ie. what
> 'certification' has really happened)?
>
> At 04:12 PM 4/21/2000 +0400, you wrote:
> >Hello all,
> >
> > I have a theoretical question.
> > What is the best way to store a CA private key? Putting it in a file on
> > the computer running the web server and facing the internet seems to me
> > not very secure. But from another point of view I'd like to
> > automate a certificate signing procedure.
> > Maybe there is a doc on the net devoted to this problem? I read the
> > OpenCA docs and found its scheme safe, but slow for "certificate
> > requestors". Are there any other interesting public solutions?
> >
> >Best regards,
> >Fedor Utenkov
> >
> >______________________________________________________________________
> >OpenSSL Project http://www.openssl.org
> >User Support Mailing List [EMAIL PROTECTED]
> >Automated List Manager [EMAIL PROTECTED]
>
--
------------------------------------------------------------
Thomas Reinke Tel: (905) 331-2260
Director of Technology Fax: (905) 331-2504
E-Soft Inc. http://www.e-softinc.com
Publishers of SecuritySpace http://www.securityspace.com
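
The e-mail activation gate from steps 1-5 of the second scenario, as an added example that is not part of the original message or of any CA software named in the thread. The class name, the one-hour lifetime, and the sample CSR and address are assumptions; signing itself is out of scope, so `activate` only returns what may be handed to the signer.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds an activation link stays valid (assumed policy)


class PendingRequests:
    """Holds certificate requests until the e-mail address is proven."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # request id -> (token hash, email, csr, expiry)

    def submit(self, csr_pem, email):
        """Steps 1-3: park the request, return (request id, code) for the URL."""
        req_id = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)  # 256 random bits, not guessable
        # Store only a hash, so a leaked pending table cannot activate requests.
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[req_id] = (digest, email, csr_pem, self._clock() + TOKEN_TTL)
        return req_id, token

    def activate(self, req_id, token):
        """Steps 4-5: return (csr, verified email) for signing, else None."""
        entry = self._pending.get(req_id)
        if entry is None:
            return None
        digest, email, csr_pem, expiry = entry
        if self._clock() > expiry:
            del self._pending[req_id]  # stale link: drop the request
            return None
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(presented, digest):  # constant-time compare
            return None
        del self._pending[req_id]  # single use: a replayed link gets nothing
        # The signer must embed this address (the one the code was mailed to),
        # not an address taken from the CSR, which the requester controls.
        return csr_pem, email


if __name__ == "__main__":
    ca = PendingRequests()
    # Constructed sample input, not a real request.
    rid, code = ca.submit("(constructed CSR)", "user@example.com")
    print("first click :", ca.activate(rid, code))
    print("second click:", ca.activate(rid, code))
```

Rate limiting of wrong guesses per request id is not shown and would sit in front of `activate`.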