X.509 (S/MIME, SSL/TLS) certificates

(If any of this is confusing, there's a higher-level description.)

I would personally encourage you to use PGP for encrypting and signing messages to me. While the cryptography involved with both PGP and S/MIME are at least comparable, I consider the certificate authority system to have certain flaws compared to the web of trust system from PGP. While I won't go into them here, please be advised that I prefer PGP's trust model.

That said, you can find my current X.509 client certificates on the key data page. My Thawte certificate is currently preferred over the CAcert certificate for e-mail use; otherwise they are of equal favor.

I am a notary/assurer for both Thawte and CAcert—meaning that I can assure your identity for both if you make a personal appearance to me with supporting documentation.

If PGP software is available to you on some computers and not others, I provide a reasonable stopgap: I have signed my certificates with my PGP key, and vice versa. The signatures are available from the key data page, and are subject to my key signing policy.

Copyright © 2006-2009 Peter S. May. Powered by halbert.