joey/ joeyca

I do not really hold with the Certificate Authority concept. Verisign et al provide a useful service (and make lots of money doing so), but the web of trust concept pioneered by pgp and gpg is a better match for the ideally decentralized nature of the internet, at least amoung people who really understand public-key cryptography and aren't soley interested in seeing a little closed padlock icon when they click on "buy now" in Ebay.

As such, I am unlikely to ever pay the big boys money to certify that I am me, when dozens of well-known people in the free software community have already done that, by meeting me in person, scrutinizing me and my ID, and signing my gpg key. But I want to use all that cool crypto stuff. I want you to be able to connect to my servers using ssh, TLS email, https, etc, and verify that they are really my servers. The best solution, at the moment, seems to be becoming my own CA. A good tutorial for doing so is here.

So, I certify that I am me. That is, I certify that my CA's certificate is indeed my certificate, by signing it with my well-known gpg key (key id 788A3F4C Joey Hess <joey@kitenet.net>; also on a key server near you). I'll do that by signing the certificate with gpg, generating this signed version which you can verify, and then import into your system.

With that established, I am a CA that you hopefully can trust, so I'll issue some certificates for various purposes. These are all signed by me.