Theres safety in anonymity

 
 
By Jim Rapoza  |  Posted 2001-01-15 Email Print this article Print
 
 
 
 
 
 
 

The need for anonymous digital certificates that protect the privacy of individuals is well-accepted, but the need for anonymous certificates from businesses and certificate authorities is often overlooked.

The need for anonymous digital certificates that protect the privacy of individuals is well-accepted, but the need for anonymous certificates from businesses and certificate authorities is often overlooked.

This issue arose during discussions at the recent eWeek Labs eValuation of PKI (public-key infrastructure) systems. Content protected by digital certificates is protected through strong encryption, but as long as certificates carry information about senders, a snoop can glean key information just by knowing what a person has chosen to protect and sign.

Because they operate as trusted authorities, anonymous certificates might seem to be a strange choice for companies and CAs (certificate authorities). However, signed certificates themselves can be revealing. For example, anyone who cares to can identify employees and trade partners of a government agency via its keys. In addition, when a digital certificate is used as a public key, a miscreant might be able to sign content with the key to make it look like information originated from an organization.

Businesses shouldnt automatically distrust content signed by an anonymous CA. It might be more trustworthy than you think.

 
 
 
 
Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel