[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] keyserver.cns.vt.edu updates
|
From: |
Robert J. Hansen |
|
Subject: |
Re: [Sks-devel] keyserver.cns.vt.edu updates |
|
Date: |
Fri, 14 Oct 2011 02:42:39 -0400 |
|
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 |
On 10/14/2011 1:39 AM, oakwhiz wrote:
> In my opinion, you're better off with a self-signed certificate,
> because you cannot trust the certificate authorities not to sign a
> fake certificate for use in a man-in-the-middle attack.
Although there are certainly some unreliable CAs (Diginotar as an
obvious example), I think it's a leap to go from that to saying there
exist *no* reliable CAs.
> Isn't this the point of using the OpenPGP trust model instead of the
> flawed X.509 trust model?
OpenPGP and X.509's trust models are essentially interchangeable. They
work in fundamentally the same way, to the point where the commercial
version of PGP lets you use OpenPGP certs as X.509 certs and vice-versa.
- [Sks-devel] keyserver.cns.vt.edu updates, Phil Benchoff, 2011/10/13
- Message not available
- Re: [Sks-devel] keyserver.cns.vt.edu updates, oakwhiz, 2011/10/14
- Re: [Sks-devel] keyserver.cns.vt.edu updates,
Robert J. Hansen <=
- Re: [Sks-devel] keyserver.cns.vt.edu updates, Matthew Palmer, 2011/10/14
- [Sks-devel] 3 million keys, Sebastian Urbach, 2011/10/14
- Re: [Sks-devel] 3 million keys, Gabor Kiss, 2011/10/15
- Re: [Sks-devel] 3 million keys & and community help requested, John Clizbe, 2011/10/15
- Re: [Sks-devel] 3 million keys & and community help requested, Robert J. Hansen, 2011/10/15