On Tue, 26 Feb 2013 11:19, [email protected] said: > In other words, trusting a certificate authority is currently an > all-or-nothing > thing where you now trust them to certify any SSL-protected service > you connec
Right, they are all implicitly cross-signed. In reality there is no security in the PKIX system at all. At least not if you want to use it on the public internet. The CA vendors don't sell security but act as information highwaymen. All the recently added browser features might be compared to laundries and milk bars as the tiny legal business arms of larger Chicago 1920ies entrepreneur groups ;-). > While I appreciate the sks-keyservers folk, I would never install their CA as > a > system-wide CA. Actually, I already distrust "proper" CA's :). Thus, it won't harm you to add such a kind of Salvation Army CA. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
