BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Relevance of PGP?

Subject: Relevance of PGP?
From: markw-FJ05HQ0HCKaWd6l5hS35sQ at public.gmane.org (Mark Woodward)
Date: Fri, 10 Jun 2011 11:03:32 -0400
In-reply-to: <BANLkTikqAn8XoMc4mzkteUtoEWxh_39PcQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
References: <BANLkTi=rH1vLCPpgO+cjCrt21XAsuUfe5Q@mail.gmail.com> <000401cc2767$b41595d0$1c40c170$@nedharvey.com> <BANLkTikqAn8XoMc4mzkteUtoEWxh_39PcQ@mail.gmail.com>

On 06/10/2011 09:34 AM, Bill Ricker wrote:
> On Fri, Jun 10, 2011 at 8:12 AM, Edward Ned Harvey<blu-Z8efaSeK1ezqlBn2x/YWAg at public.gmane.org>  wrote:
>> Go get a free>  certificate from
> a signature with a free CA cert deserves no trust - it verifies the
> email address was the email address on a certain date only.
>
I find that the notion of "trust" is completely broken with secure 
communications. We've already seen that supposedly trusted certs gave 
keys to china and the US government so that browsers would accept bogus 
keys.

It doesn't matter who creates the cert because the mechanism of trust 
isn't trustworthy. The only way to "trust" a key, IMHO is to have each 
entity that wishes to have private communication with you create their 
own cert and send you, via an alternate "safer" transport, the public 
key. Only that way can you be sure.

References:
- [Discuss] Relevance of PGP?
  - From: jabr at blu.org (John Abreau)
- Relevance of PGP?
  - From: blu-Z8efaSeK1ezqlBn2x/YWAg at public.gmane.org (Edward Ned Harvey)
- Relevance of PGP?
  - From: bill.n1vux-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org (Bill Ricker)

Prev by Date: Relevance of PGP?
Next by Date: Relevance of PGP?
Previous by thread: Relevance of PGP?
Next by thread: Relevance of PGP?
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org