Robot certificate authority

Robot certificate authority

A robot certificate authority is a certificate authority (CA) which automatically signs public keys which match some requirement.

Typically Robot CAs are set up to validate that the public key belonging to an e-mail address does actually belong to the e-mail address. This is achieved by the Robot CA signing each uid on the public key and sending the signed copy to the e-mail address, encrypted with the public key. If the public key belongs to whoever reads the e-mail address, they receive the signed copy, can decrypt it and then publish it to the public key servers. If the public key does not belong to whoever reads the e-mail address, they are unable to decrypt the encrypted key, but the accompanying message gives them sufficient information to let them know that that someone is attempting to impersonate them.

Robot CAs are considered significantly less secure that other CAs, which typically require multiple forms of photograph identification. In particular most robot CAs are only as strong as the underlying e-mail infrastructure: anyone who can read another person's mail can impersonate them . Robot CAs also offer no evidence as to the real identity of an OpenPGP user, merely their e-mail address. All well behaved Robot CAs use a signature policy URL, which is the URL of the policy under which the keys are signed.

A Robot CA also has the side effect of serving as a time stamp server for keys because a time stamp is included in the signature added to the key. The signature is evidence that the key existed and was in use at a certain point in time.

ee also

*CAcert
*Web of trust

External links

Free Robot Certification Authorities

OpenPGP

* [http://cacert.org/ CAcert] (Offers only verified signatures, not a true robot)
* [http://jameshoward.us/Robot_Certificate_Authority JamesHoward.us Robot CA]
* [http://www.toehold.com/robotca/ Toehold (Kyle Hasselbacher)] (may no longer function, though page can still be accessed)
* [http://www.signedtimestamp.org/robotca.php signedtimestamp.org]
* [http://www.imperialviolet.org/keyverify.html Imperial Violet (Adam Langley)]
* [https://keyserver.pgp.com/ PGP Corporation email verification service]

SSL

* [http://cacert.org/ CAcert] (Supports both SSL & OpenPGP, on any software or hardware.)
* [https://cert.startcom.org/ Startcom] (Basic email certificates are free, others cost)
* [https://secure.certifyid.com/ CertifyID Certificates] {Only Internet Explorer is supported running on a Microsoft operating system.)
* [http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html Comodo] (Internet Explorer only, email certificates are free, others cost)


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Certificate authority — In cryptography, a certificate authority, or certification authority, (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others… …   Wikipedia

  • Public key infrastructure — In cryptography, a public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through …   Wikipedia

  • CAcert.org — is a community driven certificate authority that issues free public key certificates to the public [ [https://www.cacert.org/index.php?id=12 About CAcert] ] (unlike other certificate authorities which are commercial and sell certificates). CAcert …   Wikipedia

  • Comparison of SSL certificates for web servers — The following table compares various features of SSL digital certificates on the market, used for securing communication with web servers. Comparison Certificate authority Product name Number of domains included Number of subdomains included Cost …   Wikipedia

  • Jerga informática — Anexo:Jerga informática Saltar a navegación, búsqueda El lenguaje de la informática está caracterizado por emplear numerosos anglicismos, puesto que el idioma inglés se ha convertido en la lengua franca de la informática. El uso de algunas… …   Wikipedia Español

  • Anexo:Jerga informática — El lenguaje de la informática está caracterizado por emplear numerosos anglicismos, puesto que el idioma inglés se ha convertido en la lengua franca de la informática. El uso de algunas palabras difiere en España e Hispanoamérica. Índice: A B C D …   Wikipedia Español

  • List of The Dukes of Hazzard episodes — This is a list of episodes for the 1979 1985 CBS action comedy adventure series, The Dukes of Hazzard. Contents 1 Season 1 (1979) 13 episodes 2 Season 2 (1979 1980) 23 episodes 3 Season 3 (1980 1981) 22 episodes …   Wikipedia

  • Vol 604 Flash Airlines — Vol Flash Airlines FSH 604 Carte de situation de Charm el Cheikh Caractéristiques de l’accident Date 3 janvier 2004 Type Décollage Site …   Wikipédia en Français

  • performing arts — arts or skills that require public performance, as acting, singing, or dancing. [1945 50] * * * ▪ 2009 Introduction Music Classical.       The last vestiges of the Cold War seemed to thaw for a moment on Feb. 26, 2008, when the unfamiliar strains …   Universalium

  • List of minor characters in Kim Possible — This page is for minor characters in the fictional universe of Disney s animated television series Kim Possible . Typically, these characters only appear once or twice, serve no purpose other than to further the plot, and are not specifically… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”