A method of securely exchanging cryptographic identities through a mutually trusted intermediary is disclosed. Data, which specifies a petitioner's cryptographic identity and a petitioner's resource identifier, is received. Input, which specifies an authority's resource identifier, is received. The petitioner's cryptographic identity and the petitioner's resource identifier are sent to a destination that is associated with the authority's resource identifier. Data, which specifies the authority's cryptographic identity, is received. The authority's cryptographic identity is sent to a destination that is associated with the petitioner's resource identifier.