Hi,

David Clymer <[EMAIL PROTECTED]> wrote:
> With a signature, he just has to trust that signer f00's key has not
> been compromised, thus the published host key info is trustworthy and a
> MITM is not happening.

To be honest, I believe the MITM attack problem could be mitigated by the certificate when accessing db.debian.org via HTTPS instead of HTTP.

But trusting the certificate is still a problem for me. Even with ca-certificates installed, galeon says the certificate cannot be trusted; I subsequently imported the certs from /etc/ssl/certs into galeon, which brought the question of whether I trusted that this came from "Autoridade Certificadora Raiz Brasileira", at which point I answered no.

In contrast to this, the principle of the GPG web of trust is crystal clear.

--
Florent

