Relevance of PGP?
Mark Woodward
markw-FJ05HQ0HCKaWd6l5hS35sQ at public.gmane.org
Fri Jun 10 11:03:32 EDT 2011
On 06/10/2011 09:34 AM, Bill Ricker wrote:
> On Fri, Jun 10, 2011 at 8:12 AM, Edward Ned Harvey<blu-Z8efaSeK1ezqlBn2x/YWAg at public.gmane.org> wrote:
>> Go get a free> certificate from
> a signature with a free CA cert deserves no trust - it verifies the
> email address was the email address on a certain date only.
>
I find that the notion of "trust" is completely broken with secure
communications. We've already seen that supposedly trusted certs gave
keys to china and the US government so that browsers would accept bogus
keys.
It doesn't matter who creates the cert because the mechanism of trust
isn't trustworthy. The only way to "trust" a key, IMHO is to have each
entity that wishes to have private communication with you create their
own cert and send you, via an alternate "safer" transport, the public
key. Only that way can you be sure.
More information about the Discuss
mailing list