From: timd@consensus.com (Tim Dierks)
Date: Sat, 11 May 1996 15:59:37 +0800
To: djw@vplus.com
Subject: Re: PGP, Inc.
Message-ID: <v02140b01adb999c66a5d@[205.149.165.24]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:48 PM 5/10/96, Dan Weinstein wrote:
>On Fri, 10 May 1996 10:22:24 -0700, timd@consensus.com wrote:
>>
>>The only effort they make is that when using the email-based CA, it mails
>>the certificate to the address within, so it's not trivial to get a cert
>>for an address that you don't have access to. (I'm not saying it's
>>impossible, or even hard, just that it requires some skill and effort).
>
>I don't believe this is correct.  They send you information after you
>have created the cert verifying that you set it up, but nothing
>requires a response and the key is transfered via http.

If you'll examine my message, you'll see I was referring to the email-based
S/MIME class 1 CA.

Best,
 - Tim Dierks

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development