Secure Email Implementation

Implementing secure email requires some form of PKI, either your own or a commercial certificate vendor. There are pros and cons to using either, as I’ll discuss in the next two sections.

Using a Commercial Certification Authority

Commercial certification authorities like VeriSign and Equifax sell digital certificates (which contain asymmetric keys) to anyone who wants them. Certification authorities require that certificate purchasers prove their identity before certificates can be issued; each uses a different method to verify an individual’s identity. Thawte, one of the leading public PKI vendor brands, maintains a national network of “digital notaries” who use traditional forms of identification, such as a passport, to verify a purchaser’s identity in person before issuing a digital certificate.

As you learned in Chapter 9, certificates are useless unless you trust the person or company who issued them. The advantage of purchasing certificates from a commercial certification authority is that your computer is preconfigured to trust most of them. If you look in Internet Explorer’s list of trusted certificate publishers, shown in Figure A-5 and accessed through the Internet Options icon in Control Panel, you’ll see a list of publishers whose certificates are automatically trusted by your computer.

Figure A-5. Viewing trusted certificate publishers

The disadvantage ...