July 26, 2004

S/MIME Revisited

I just realized that S/MIME may be a bit of an enigmatic word to throw out there.

It's public-key encryption with authentication handled by a central certificate authority, or CA. In my case, Thawte is the CA. They gave me my certificate, which also acts as a 2,048-bit key for encryption. Thawte keeps track of trust points that enable you to do more. Fifty points will let you put your real name on your certificate, essentially assuring the recipient that you are you.

To get trust points, you have to meet up with notaries, and not the ones at the post office. Thawte's CEO was the initial notary, capable of giving 100 points to anyone. With 100 points, you become a notary yourself, so he hand-picked a couple of closely trusted colleagues to be the initial notaries. They were able to give ten points to begin with, which could grow to 35 as they assigned points to more people.

A notary needs to meet you in person to verify your identity, and must retain a copy of two nationally sanctioned identification records (birth certificates, driver's licenses and the like) to give you points. Notaries are widespread (there are 18 here in Austin), so finding enough to become authenticated isn't a problem.

S/MIME is a powerful tool for encrypting sensitive data, and if enough of your acquaintances adopt it, filtering out spam could possibly become easier. Feel free to comment on my mistakes, if there are any... I'm new to the whole crypto scene.


