The Machine that issues Certificates ==================================== (Wibbly-wobbly effect, fade to shot of John Cleese being turned on a spit by some nuns) JOHN CLEESE: And now for something completely different... (Fairly empty generic modern room. End entity being rushed into the room on a dolly. PKI architects are flipping through standards documents) PKI ARCHITECT 1: commonName qualified with a serialNumber in the same RDN! PKI ARCHITECT 2: firstName + surname + generationQualifier (if required) + dnQualifier! (Sysadmin enters and interrupts them) SYSADMIN: The end entity is ready. PKI ARCHITECT 1: Good, take her into the PKI frightening room. SYSADMIN: Right. PKI ARCHITECT 2: I say, it's a bit barren in here isn't it? PKI ARCHITECT 1: Yes, more junk please sysadmin. The smart cards, the Safekeyper, and the biometrics. SYSADMIN: Yes, most certainly. PKI ARCHITECT 1: And get the machine that issues certificates! (Sysadmin wheels in a cart containing a PC which has "Intel Inside" and "Designed for Microsoft Windows" stickers on it) END ENTITY: What's that for? PKI ARCHITECT 1: That's the machine that issues certificates (Machine goes PING and pops up a "Save certificate as..." dialog) PKI ARCHITECT 1: You see, that means the end entity has been certified! PKI ARCHITECT 2: And that is the most expensive machine in the whole building! PKI ARCHITECT 1: Yes, it cost over three quarters of a million pounds. PKI ARCHITECT 2: Aren't you lucky?! SYSADMIN: The CEO is here doctor. PKI ARCHITECT 1: Switch everything on! (Bleep... whirrr... bing... rumble rumble) CEO: Ah very impressive, very impressive, and what are you doing this morning? PKI ARCHITECT 2: It is a certification. CEO: Ahhh,.. and what sort of thing is that? PKI ARCHITECT 2: Well, that's where we certify uncontestably and undeniably that someone we've never met before who lives on the other side of the planet and who we know only as a (possibly forged) email address really is who they claim to be and can be trusted to write good cheques, buy alcohol, sign contracts, and run a dot-com selling PKI services. CEO: Wonderful what you can do nowadays. (PING) Ahh, I see that you have the machine that issues certificates. This is my favorite. You see we leased it back from the company we sold it to and that way it comes out of the monthly current budget and not the capital account. (Applause) Thank you, thank you, we try to do our best, well do carry on. (CEO leaves) PKI ARCHITECT 1: Lovely, lovely, jolly good, that's better, much much better. PKI ARCHITECT 2: Yes, that's more like it. PKI ARCHITECT 1: Uhh... still something missing though. PKI ARCHITECT 1+2:END ENTITY! PKI ARCHITECT 2: Yes, where's the end entity? PKI ARCHITECT 1: Anyone seen the end entity? SYSADMIN: Ahhh... here she is! PKI ARCHITECT 1: Bring her over here. PKI ARCHITECT 2: Mind the machine. PKI ARCHITECT 1: Hello, now don't you worry. PKI ARCHITECT 2: We'll soon have you certified! PKI ARCHITECT 1: Leave it all to us, you'll never know what hit you. END ENTITY: Will it be a nonRepudiation certificate? PKI ARCHITECT 1: Now I think it's a little early to start imposing roles on it, don't you? Now a word of advice, you may find that you suffer for some time a totally irrational feeling of depression, PKID as we call it. So, it's lots of happy pills for you and you can find out all about the certification when you get home. It's available on Betamax, VHS, and Super-8. (Reporters and photographers enter the PKI frightening room) PKI ARCHITECT 1: Who are you? NOTARY PUBLIC: I am the end entity's notary public. PKI ARCHITECT 1: I am sorry, only people involved are allowed in here. END ENTITY: What do I do? PKI ARCHITECT 2: Yes? END ENTITY: What do I Do? PKI ARCHITECT 2: Nothing dear, you're not "qualified"! (Machine that issues certificates blue screens, camera zooms in to reveal text that says "And now for something completely different...")