Questions about OpenPGP best practices

Werner Koch wk at gnupg.org
Tue Feb 26 11:56:16 CET 2013


On Tue, 26 Feb 2013 11:19, peter at digitalbrains.com said:

> In other words, trusting a certificate authority is currently an all-or-nothing
> thing where you now trust them to certify any SSL-protected service
> you connec

Right, they are all implicitly cross-signed.  In reality there is no
security in the PKIX system at all.  At least not if you want to use it
on the public internet.  The CA vendors don't sell security but act as
information highwaymen.  All the recently added browser features might be
compared to laundries and milk bars as the tiny legal business arms of
larger Chicago 1920ies entrepreneur groups ;-).

> While I appreciate the sks-keyservers folk, I would never install their CA as a
> system-wide CA. Actually, I already distrust "proper" CA's :).

Thus, it won't harm you to add such a kind of Salvation Army CA.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list