Certificate Purposes
Hello,
I have a personal email signing certificate from Thawte. The certificate is issued in my name. The certificate is installed in the system.
If I look at the certificate from Internet Explorer Options/Content/Certificat
But if I send an email signed with this certificate, and then look at the certificate already in the email (sent or received - same thing), I see only purpose "Protects email messages". Same in Outlook and in Outlook Express.
Why I don't see "proves your identity" purpose in the certificate in email?
I have a personal email signing certificate from Thawte. The certificate is issued in my name. The certificate is installed in the system.
If I look at the certificate from Internet Explorer Options/Content/Certificat
But if I send an email signed with this certificate, and then look at the certificate already in the email (sent or received - same thing), I see only purpose "Protects email messages". Same in Outlook and in Outlook Express.
Why I don't see "proves your identity" purpose in the certificate in email?
ASKER
http://technet2.microsoft.com/windowsserver/en/library/2746cc74-5401-443b-898f-5dc53b1cbcb01033.mspx?mfr=true says
-------------------
Certificates issued to persons
Once you have purchased a certificate and you use it to digitally sign an e-mail message, the message recipient can verify that the message has not been altered during transit and that the message came from you
-------------------
What purpose is used to "verify that the message came from you"?
Thawte website says:
http://www.thawte.com/secure-email/web-of-trust-wot/index.html?click=main-nav-products-wot
--------------------------
The thawte Web of Trust (WOT) is a Certification system that allows your identity to be validated for use in your Personal Certificate.
Join for free and:
* Sign your mail
.....
--------------------------
so, Thawte is giving inaccurate information, and in fact you can't sign your email with their certificate?
-------------------
Certificates issued to persons
Once you have purchased a certificate and you use it to digitally sign an e-mail message, the message recipient can verify that the message has not been altered during transit and that the message came from you
-------------------
What purpose is used to "verify that the message came from you"?
Thawte website says:
http://www.thawte.com/secure-email/web-of-trust-wot/index.html?click=main-nav-products-wot
--------------------------
The thawte Web of Trust (WOT) is a Certification system that allows your identity to be validated for use in your Personal Certificate.
Join for free and:
* Sign your mail
.....
--------------------------
so, Thawte is giving inaccurate information, and in fact you can't sign your email with their certificate?
I think you read this wrong. That's the second purpose: 'Protect email message'. By signing it you also verify your identity, because you have the certificate with the private key.
Signing an email and validating your identity to a remote system are two diferent purposes with the same goal.
J.
Signing an email and validating your identity to a remote system are two diferent purposes with the same goal.
J.
ASKER
I understand that "protect email message" means that certificate ensures that the email has not been tampered with wince it left the sender.
But I'm interested in the 2nd purpose. On Thawte, you can get generic email certificate issued to "email user" that protects email message; but you can go further and acquire your personal certificate by showing your id to their notary - see "web of trust" above. Then you get your personal certificate issued to your real name. That, as I understand, is what is achieved by the purpose "proves your identity", and that's what Thawte means when they say "allows your identity to be validated for use in your Personal Certificate". What I don't understand is how sender's identity can be validated by the recipient if the certificate does not say that it can be used for this purpose.
But I'm interested in the 2nd purpose. On Thawte, you can get generic email certificate issued to "email user" that protects email message; but you can go further and acquire your personal certificate by showing your id to their notary - see "web of trust" above. Then you get your personal certificate issued to your real name. That, as I understand, is what is achieved by the purpose "proves your identity", and that's what Thawte means when they say "allows your identity to be validated for use in your Personal Certificate". What I don't understand is how sender's identity can be validated by the recipient if the certificate does not say that it can be used for this purpose.
ASKER
Discussing this in security-related newsgroup gained much more results.
http://groups.google.com/group/microsoft.public.security/browse_thread/thread/43c941fb3bad6020/c4d142ac3162877f
http://groups.google.com/group/microsoft.public.security/browse_thread/thread/43c941fb3bad6020/c4d142ac3162877f
I'm sorry, I forgot to continu on this question. Agree the closure.
J.
J.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
J.