On Tue, Sep 10, 2013 at 1:18 PM, Ted Lemon <Ted.Lemon@xxxxxxxxxxx> wrote:
--
Website: http://hallambaker.com/
On Sep 10, 2013, at 12:32 PM, Phillip Hallam-Baker <hallam@xxxxxxxxx> wrote:
This appears to be untrue.
> The CA NEVER ever gives the user the key in any of the systems I have worked on.
> Comodo offers that exact service today.
The Comodo service generates the key pair for you. This means that they have your private key. We would hope that they would behave responsibly, but we don't have the assurance we would have if we generated the key pair and sent them only the public half.
>
> https://secure.comodo.com/products/!SecureEmailCertificate_Signup
You go to a Web page that has the HTML or JavaScript control for generating a keypair. But the keypair is generated on the end user's computer.
The service could send you an ActiveX keygen control with a backdoor but I am not on Windows right now. I generated the keypair on Chrome and I have all runtime objects turned off.
The CA returns the signed certificate to you, but that is the public key part.
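Added example, not part of the original message or any CA's code: the enrollment flow described above (key pair generated on the subscriber's machine, only the public half sent, signed certificate returned), checked end to end. As assumptions, the openssl command line stands in for the browser keygen control, and the throwaway test CA, the function name `demo_enroll`, the subject names and the file names are all constructed.

```shell
#!/bin/sh
# Client-side key generation against a throwaway local CA (constructed demo).
# Returns 0 only if the private key never appears in anything exchanged.

demo_enroll() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1

        # Subscriber side: the key pair is generated locally; user.key stays here.
        openssl req -new -newkey rsa:2048 -nodes -keyout user.key \
            -out user.csr -subj "/CN=user@example.test" 2>/dev/null || exit 1

        # The request is the only thing sent to the CA; it must carry no private key.
        if grep -q "PRIVATE KEY" user.csr; then exit 2; fi

        # CA side (constructed test CA): it is handed user.csr and nothing else.
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
            -subj "/CN=Demo Test CA" -days 1 2>/dev/null || exit 1
        openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out user.crt -days 1 2>/dev/null || exit 1

        # What comes back is a certificate: public material only.
        if grep -q "PRIVATE KEY" user.crt; then exit 3; fi

        # The certified public key must be the public half of the local key.
        from_key=$(openssl pkey -in user.key -pubout) || exit 1
        from_crt=$(openssl x509 -in user.crt -noout -pubkey) || exit 1
        [ "$from_key" = "$from_crt" ] || exit 4

        # The certificate was issued by the test CA, not self-signed by the user.
        openssl x509 -in user.crt -noout -issuer | grep -q "Demo Test CA" || exit 5
    ) && rc=0 || rc=$?
    rm -rf "$work"
    return "$rc"
}

demo_enroll && echo "private key stayed local; certificate binds its public half"
```

A non-zero return identifies which check failed: 2 or 3 means private key material showed up in the request or the returned certificate, 4 means the certificate does not match the locally held key.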