When i point a web browser at https://lists.gnupg.org, i get a warning that the server's X.509 certificate is expired (it has a CN of trithemius.gnupg.org and several subjectAltNames, including lists.gnupg.org).
I'm not a fan of the CA cartel, but it would be nice to have some up-to-date way of verifying the server, especially for people already well-connected in the web-of-trust. If the administrator of the server would publish the host's key in an OpenPGP certificate, and sign it, then we could verify it that way. Here's a quick intro for how to do that: http://www.debian-administration.org/article/660/Publishing_host_services_to_OpenPGP_with_Monkeysphere If this isn't acceptable for some reason, could you at least update the certificate to one with a reasonable expiration date? Thanks, --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
