On 08-09-2014 20:09, Stuart Henderson wrote: > Even with an ssl web page, you would have the same problem, unless you verify > which CA issued the key and that you absolutely trust that they wouldn't issue > a bogus certificate. Yes, the current TLS system with it's fucked up certificates authorities, are a problem. But it's better have than not to. > btw: an easy way to check the key against an anoncvs server - > > $ cvs -d $CVSROOT -p src/etc/signify/openbsd-56-base.pub > untrusted comment: openbsd 5.6 base public key > RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV Nice tip. Perhaps I'll implement a script to check it against all anoncvs servers to see if any of them disagree with mine.
Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
