Relevance of PGP?
Bill Ricker
bill.n1vux-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Sat Jun 11 14:23:15 EDT 2011
On Sat, Jun 11, 2011 at 9:14 AM, Edward Ned Harvey <blu-Z8efaSeK1ezqlBn2x/YWAg at public.gmane.org> wrote:
> Same as PGP.
wrong.
> It's the external context that gives you more trust.
Correct. Most people don't know what the context in a SSL cert really
is, though.
Free certs from Commercial CA's provide a trusty flavor with no actual
trust context. Hi price certs from commercial CA's may include
competent manual verification of identity or incompetent. Cheap certs
will validate that this is göögle.com but won't warn you it isn't what
you think...
PGP ring of trust allows for non-centralized asynchronous auditable
out-of-band context. If I exchange key prints in a meatspace signing
party with John and he with you another day, I may decide that's
sufficient reason to believe you actually exist and that that's your
key, or not, at my choice.
--
Bill
@n1vux bill.n1vux-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
More information about the Discuss
mailing list