[unisog] S/MIME Key Management

David Fetrow fetrow at apl.washington.edu
Thu Nov 3 23:38:44 GMT 2005

  You really need access to something that can generate
  keys and be a CA that is trusted by all concerned and
  can manage adding and revoking certs as well. Eudora 6,
  it should be noted, has a particularly short list of
  trusted CAs and doesn't use the trusted CA lists built
  into operating systems. Netscape/Mozilla/Thunderbird also
  have their own built-in internal trusted CAs but the list
  is at least similar to the ones found in Windows and MacOS.

  For some uses, we use CAcert.org, which is as close to a common
  non-commercial key provider as I know about. They are fast, free
  and easy to work with but you have to add them as a trusted
  CA manually on every single machine... sometimes more than
  once (once for the system, once for Thunderbird, etc.).

  Many universities set up their own CA but you have to add
  those certs manually as well and then add the universities of
  everyone else, not to mention the framework to give and revoke
  hundreds or thousands of individual certs. CAcert is a more
  elegant choice if you trust them.

  My understanding is that one qualification to be included
  in Windows/MacOSs as a default CA is a rather large check
  so I wouldn't hold my breath for default inclusion by free
  CAs any time soon.

David Fetrow                             Office: 206 616-0869
Distributed Computing Services 
Applied Physics Lab, Univ. of Washington
