On 10/14/2011 1:39 AM, oakwhiz wrote:
> In my opinion, you're better off with a self-signed certificate,
> because you cannot trust the certificate authorities not to sign a
> fake certificate for use in a man-in-the-middle attack.

Although there are certainly some unreliable CAs (Diginotar as an obvious example), I think it's a leap to go from that to saying there exist *no* reliable CAs.

> Isn't this the point of using the OpenPGP trust model instead of the
> flawed X.509 trust model?

OpenPGP and X.509's trust models are essentially interchangeable. They work in fundamentally the same way, to the point where the commercial version of PGP lets you use OpenPGP certs as X.509 certs and vice-versa.

_______________________________________________
Sks-devel mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/sks-devel
