Robot certificate authority
From Wikipedia, the free encyclopedia
A robot certificate authority is a certificate authority (CA) which automatically signs public keys which match some requirement.
Typically Robot CAs are set up to validate that the public key belonging to an e-mail address does actually belong to the e-mail address. This is achieved by the Robot CA signing each uid on the public key and sending the signed copy to the e-mail address, encrypted with the public key. If the public key belongs to whoever reads the e-mail address, they receive the signed copy, can decrypt it and then publish it to the public key servers. If the public key does not belong to whoever reads the e-mail address, they are unable to decrypt the encrypted key, but the accompanying message gives them sufficient information to let them know that that someone is attempting to impersonate them.
Robot CAs are considered significantly less secure that other CAs, which typically require multiple forms of photograph identification. In particular most robot CAs are only as strong as the underlying e-mail infrastructure: anyone who can read another person's mail can impersonate them. Robot CAs also offer no evidence as to the real identity of an OpenPGP user, merely their e-mail address. All well behaved Robot CAs use a signature policy URL, which is the URL of the policy under which the keys are signed.
A Robot CA also has the side effect of serving as a time stamp server for keys because a time stamp is included in the signature added to the key. The signature is evidence that the key existed and was in use at a certain point in time.
Contents |
[edit] See also
[edit] External links
- CAcert.org
- SignedTimestamp.org
- cardboard.net llc
- Imperial Violet (Adam Langley)
- Robot Certificate Authority, at JamesHoward.us
- Toehold (Kyle Hasselbacher)
- tele.ring Telekom Service GmbH, discontinued as of January 25, 2005
[edit] Robot Certification Authorities
[edit] OpenPGP
- cardboard.net llc "currently broken"
- Robot Certificate Authority, at JamesHoward.us
- Toehold (Kyle Hasselbacher)
- signedtimestamp.org