[OSX-Users] Re: signed secure email?

Vladimiro Sassone vs at ecs.soton.ac.uk
Mon Sep 5 14:44:45 BST 2011 

On 5 Sep 2011, at 13:59, dr. m.c. schraefel wrote:
> Vlad - your email here says that it's signed secure. 
> How did you get a cert for your ecs email? 

The best I could find for free is Comodo free email certificate (only one year
validity). Up to last year they included your name in the certificate, but that was 
clearly dodgy because they really didn't check your name was the one you 
claimed. So, I suppose somebody made them stop. Now their free certificates 
will only include your email, which is less nice but for most purposes sufficient.
Or, for a fee, you can obtain a personal certificate.

In the past I had tried to get a certificate from Thawte, which is a much better 
prospect, but requires to undergo an elaborate process whereby three of their 
certified members vouch for you and your email address. That means either find 
some in their list certifiers who personally knows you and your email, or you 
have to find somebody nearby, fill a form, get an appointment, go to them and 
leave a copy of some of your id documents, and evidence that the email 
belongs to you. I could never get the third signature, I expect to try again at some 
stage.

Another alternative is to create your own certificate authority and self-issue your 
certificate. (Believe you can do this with easily with "Keychain Access". Most 
software will of course alert users their are seeing a certificate from an unknown 
certification authority, but as long as you make a certificate that lasts forever, and 
stick to it, it may still serve some purpose: at least it proves that two emails are 
signed with the same certificate, and have not been tampered with. I suppose an 
interesting option would be for the University to issue email certificates.

> - i ask the list as that may be something of more general interest - you're the only person i've seen with this. 
> what's the advantages?

I started to use that when I acted in an official function. It may be useful then to 
be able to see that an email is actually from you (well, from your email address:
I could use "mc schraefel <vs at ecs.soton.ac.uk>" and the certificate would still be
good) and has not be tampered with. 

> also on lion - so sorry it's slow for you - that's one thing i haven't noticed at all on new hardware, but on even a last years mac mini it does seem a wee bit pokey

My hardware is relatively new a macbook pro about one year old. It cannot be that.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4881 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/osx-users/attachments/20110905/218f0ef0/attachment.bin

More information about the Osx-users mailing list