On 02/11/13 19:48, Uwe Brauer wrote: > So either you claim to have evidence that this modules have been hacked > and the key pair is transferred to some of these evil organisations or I > really don't see your point.
I think the most common way for an X.509 CA to be deceitful is by giving someone else a certificate with your name on it, not by stealing your key. Then I would be under the impression I was holding an encrypted and signed conversation with /you/, but I would be talking to the well-funded attacker that got the false certificate. That attacker could then re-encrypt and send it on to you, to be a man in the middle. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
