A colleague has asked if anyone still uses and purchases personal digital certs, the kind you'd buy from Thawte and the like? He reports "In days gone by there was good old Thawte. Not only valid signature but even Notary status. Sold out to Verisign (not all bad as then we got Ubuntu). I got a Verisign ‘person’ certificate (for around $25/year). I think Verisign is no more also." He asks if there is anywhere reliable to get one from?
On 30 May 2014 09:14, Colin Fee <tfeccles@gmail.com> wrote:
A colleague has asked if anyone still uses and purchases personal digital certs, the kind you'd buy from Thawte and the like?
(assuming you mean X509 certificate) What would you do with a personal digital certificate? I don't think the idea really caught on. There is email, however GPG seems to be the more popular approach. I think it is still possible to get them however. -- Brian May <brian@microcomaustralia.com.au>
Brian May wrote:
There is email, however GPG seems to be the more popular approach.
AIUI FOSS people use GPG; within organizations S/MIME is popular for the obvious reason -- your configuration management instructs everyone's desktop to trust the org CA cert, and you don't have to go around updating keyrings every time you hire (or sack) someone. But in that case, the org will issue you your cert; you needn't buy one.
What would you do with a personal digital certificate? I don't think the idea really caught on.
I've seen client-side certs used in a couple of web apps, and I've used them for WPA2 Enterprise EAP-TLS method (cf. EAP-TTLS). But in general they will do the thing where the server generates the client-side key & cert and you download them both in a zipfile. And there's no way to do it properly. Blech. (Some OpenVPN-in-a-box devices do that, too, come to think of it.)
It's to be used for signing or certifying documents. This is in a Windows context btw. In the use case I was shown, a form, either paper or a fillable PDF, is issued for the dispensing of dangerous chemical compounds in a pharma research context. The digital cert is used to sign/cert the doco to ensure that no unauthorised changes are made. e.g. form is signed for the issue of 1mg and then end-user changes the form to 10mg. On 30 May 2014 09:34, Brian May <brian@microcomaustralia.com.au> wrote:
On 30 May 2014 09:14, Colin Fee <tfeccles@gmail.com> wrote:
A colleague has asked if anyone still uses and purchases personal digital certs, the kind you'd buy from Thawte and the like?
(assuming you mean X509 certificate)
What would you do with a personal digital certificate?
I don't think the idea really caught on.
There is email, however GPG seems to be the more popular approach.
I think it is still possible to get them however. -- Brian May <brian@microcomaustralia.com.au>
-- Colin Fee tfeccles@gmail.com
participants (3)
-
Brian May -
Colin Fee -
Trent W. Buck