Rohr, Rob wrote:
> I've noticed that a bunch of CITers (Dean Williams, Frank ) are signing
> messages with Thawte Freemail certs. Good idea. Is this the
> recommended mechanisms for getting certificates for users?
I wouldn't say it's the recommended mechanism. Several in CIT are
experimenting with certificates to sign/encrypt our email. But we
aren't ready to make any kind of specific recommendation yet. We're
still working through many of the issues.
Before we went ahead with any kind of large scale deployment, we
certainly need to examine the issues around a UVM certificate authority
(and how much would it cost to be signed by a "real" CA, so the certs
are trusted by default).
> If we want users to act responsibly with private data, it would be
> worthwhile to provide an infrastructure in which safe computing habits
> don't rely on individual bull-headed geekery as a prerequisite to safe
> computing behavior.
Indeed. We are delving into email certificate signing now - hopefully
we'll have more real world experience soon. Expect more information
from us in this space in the next few months. In the meantime, I see
you have a cert now too - sign away - let us know about your
experiences, and what if any issues you run into.
Thanks!
mga.
|