Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Relevance of PGP?



On 06/10/2011 09:34 AM, Bill Ricker wrote:
> On Fri, Jun 10, 2011 at 8:12 AM, Edward Ned Harvey<blu-Z8efaSeK1ezqlBn2x/YWAg at public.gmane.org>  wrote:
>> Go get a free>  certificate from
> a signature with a free CA cert deserves no trust - it verifies the
> email address was the email address on a certain date only.
>
I find that the notion of "trust" is completely broken with secure 
communications. We've already seen that supposedly trusted certs gave 
keys to china and the US government so that browsers would accept bogus 
keys.

It doesn't matter who creates the cert because the mechanism of trust 
isn't trustworthy. The only way to "trust" a key, IMHO is to have each 
entity that wishes to have private communication with you create their 
own cert and send you, via an alternate "safer" transport, the public 
key. Only that way can you be sure.






BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org