TriNetre - Archive for October 06, 2004

(no longer updated)



October 06, 2004
Bug in CACert PGP keysigning process
[Security] @ 11:44 AM

Once you have joined CACert, you can request your PGP key to be signed by CACert's key. If you have more than 50 points, the key is signed with high trust (i.e. CACert's name is added) and if you don't, your key is signed with low trust (i.e. CACert's name is not mentioned in the signature). However, recently I discovered a problem with this key signing process of CACert.

A logical constraint that CACert places is that the uid for the keys it signs should have the same name as in the user's CACert account. When I created my first uid for the GPG Key ID 72DD5838, I had used the "LastName FirstName" format, since it was a common practice in India to put names in that format, and created the uid "Krishnan Nair Srijith". However, I realised that the "FirstName LastName" format is preferred by most people and hence I revoked this uid and created a new uid "Srijith Krishnan Nair". When I created my CACert account, I followed the same convention and used "Srijith Krishnan Nair". Now the problem is that CACert does not check whether the uids associated with a key are revoked or not. As it does not distinguish between a revoked uid and a non-revoked one, it refuses to sign my key, saying that uid 1 does not match the name as per the CACert account.

Though I found the bug for my specific issue, it begs the bigger question - Why does CACert not look out for revoked uids!? What if I had a uid which I had revoked because I no longer have access to the email address I had used in the uid? Given the way it works now, CACert will never sign such a key since one cannot register the unusable email address with CACert.
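To make the failure mode concrete, here is an added example (my own illustration, not CAcert's code) that parses the machine-readable `gpg --with-colons --list-keys` output for a key and checks its uids against an account name two ways: the naive way described above, where every uid including revoked ones must match, and the corrected way, where revoked uids are ignored and at least one live uid must match. The listing is a constructed sample using the key ID and the two uid names from the post; the e-mail address and the uid hashes are placeholders. Field positions follow GnuPG's documented colon format (field 2 of a `uid` record is the validity, `r` meaning revoked; field 10 is the user ID string).

```python
"""Compare a PGP key's uids against a CA account name, ignoring revoked uids.

Added example, not CAcert's code.  Parses `gpg --with-colons --list-keys`
output; the sample listing below is constructed for this illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of `gpg --with-colons --list-keys 72DD5838`.
# uid record: field 2 = validity ('r' = revoked), field 10 = user ID.
# The uid hashes and the e-mail address are placeholders.
SAMPLE_LISTING = """\
tru::1:1096000000:0:3:1:5
pub:u:1024:17:000000000072DD5838:1096000000:::u:::scESC:
uid:r::::1096000000::0000000000000000000000000000000000000001::Krishnan Nair Srijith <srijith@example.invalid>:
uid:u::::1096100000::0000000000000000000000000000000000000002::Srijith Krishnan Nair <srijith@example.invalid>:
sub:u:1024:16:00000000DEADBEEF:1096000000::::::e:
"""


@dataclass
class UserId:
    name: str
    email: str
    revoked: bool


def parse_uids(listing: str) -> list[UserId]:
    """Extract the uid records from colon-format gpg output, in key order."""
    uids: list[UserId] = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "uid":
            continue
        validity, raw_uid = fields[1], fields[9]
        # "Name (comment) <email>"; the comment part is left inside the name here.
        m = re.match(r"^(.*?)\s*(?:<([^>]*)>)?$", raw_uid)
        name = m.group(1).strip()
        email = m.group(2) or ""
        uids.append(UserId(name=name, email=email, revoked=(validity == "r")))
    return uids


def normalise(name: str) -> str:
    """Collapse whitespace and case so only the actual words are compared."""
    return " ".join(name.split()).casefold()


def mismatching_uids_naive(listing: str, account_name: str) -> list[int]:
    """The check as the post describes it: every uid must match, revoked or not.

    Returns the 1-based positions of uids that do not match; an empty list
    would mean the key is signed.
    """
    target = normalise(account_name)
    return [
        pos
        for pos, uid in enumerate(parse_uids(listing), start=1)
        if normalise(uid.name) != target
    ]


def account_matches_live_uid(listing: str, account_name: str) -> bool:
    """Corrected check: revoked uids are skipped; one live uid must match."""
    target = normalise(account_name)
    live = [uid for uid in parse_uids(listing) if not uid.revoked]
    return any(normalise(uid.name) == target for uid in live)


if __name__ == "__main__":
    account = "Srijith Krishnan Nair"
    for uid in parse_uids(SAMPLE_LISTING):
        print(f"{'revoked' if uid.revoked else 'live   '}  {uid.name} <{uid.email}>")
    print("naive check, mismatching uids:", mismatching_uids_naive(SAMPLE_LISTING, account))
    print("corrected check, would sign:", account_matches_live_uid(SAMPLE_LISTING, account))
```

On the sample, the naive check reports uid 1 as mismatching, which is exactly the refusal described above, while the corrected check accepts the key because the live uid matches the account name. The corrected check also covers the second case in the post: a revoked uid carrying an e-mail address that can no longer be registered simply drops out of the comparison.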

Puzzled.



CACert Assurer
[Security] @ 11:29 AM

I have become an assurer for CACert and can notarise your identity for CACert and give 20 points. Please contact me if you are in Amsterdam and would like to get yourself assured for CACert. You need a total of 50 points to be able to request a certificate containing your name from CACert.

CAcert is a certification program which is very similar to Thawte's. The difference is that CAcert is a non-profit organisation. Thawte on the other hand is a commercial company, a subsidiary of security giant Verisign. A very important difference between CAcert and Thawte is that Thawte's root-certificate is included in almost every operating system and e-mail program. This is not the case for CAcert. Its root-certificate is currently not in any 'trusted store'. In fact, there is only a slim chance that this will happen because software vendors generally want to be paid big bucks for this privilege. This means that users will always receive a cryptic warning when they receive a message signed with a certificate issued by CAcert.



Book Review - American Gods
[Literature] @ 10:47 AM

"American Gods" by Neil Gaiman is a very interesting novel that follows the protagonist Shadow as he is recruited by "Wednesday" to fight for the old, forgotten and burnt-out gods against the new gods of media, technology and others. The book provides a nice outside perspective on American culture and how it has been moulded by people who have crossed oceans from around the world to settle there.

I have grown to like Gaiman's style of storytelling, mixing mythology, facts, fiction and cultures into one big creative soup. The fact that I finished reading this 480-page book in about a week, that too when SANE 2004 was going on, speaks volumes of how much of a page-turner I found the book to be.

As a side note, one thing that constantly disturbed me was the several occasions where Goddess Kali from Hindu mythology was addressed as "Mama-ji". While "Mama" in English means mother, in Hindi it means maternal uncle. Calling Goddess Kali "maternal uncle" sounds weird. I wonder why the author didn't just use "Mata-ji"; "Mata" in Hindi means mother. Did he make a mistake or did he put the English word "Mama" without knowing that "mama" has an altogether different meaning in Hindi?