Questions about OpenPGP best practices

Doug Barton dougb at dougbarton.us
Tue Feb 26 16:15:10 CET 2013


On 02/26/2013 02:19 AM, Peter Lebbing wrote:
> On 26/02/13 07:43, Doug Barton wrote:
>> That worked for me, although I was a bit disappointed that placing the cert at
>> /etc/ssl/certs/ca.hkps.pool.sks-keyservers.net.cert didn't work like all the
>> docs said it should.
>
> Please realise that if it would have worked, you would have installed that
> sks-keyservers certificate authority as a system-wide certificate authority, and
> your browser and other programs might[1] happily accept a certificate for your
> e-mail provider or your banking site created and signed by the sks-keyservers CA.

Yes, I actually understand PKI rather well, but thanks for the warning. 
:)  I think Werner summed up my own thoughts rather well, so I'll leave 
it at that.

Doug





More information about the Gnupg-users mailing list