obnoxious@xxxxxxxx wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What is your point exactly? How secure are Verisign, Thawte or
anyone elses servers outside of them just stating "We take X
Precautions".
Do you argue "Some chains are weak" implies "All chains are weak"? Please
explain. I missed it.
I'll agree that software and certs from Verisign, Microsoft, Sun, Yahoo,
Citibank are also only as safe as those "X precautions".
What's your point in bringing them up? I don't trust their cryptography
software the way I trust GnuPG, so I'm not interested in discussing them
specifically.
It's easy to get "gpg --verify" to exit(0), but what that exit code _means_
matters to me, and that is determined by the precautions at the end points.
Do you have any knowledge of what those X precautions are, or if they can be
improved for GnuPG?
Forrest
P.S. I forgot to mention that I appreciate the honesty of Werner Koch's "spare
laptop disclaimer." Big corporations should be as transparent and honest.
Truth is there are many who are more lax than Werner Koch, but say they are more
dilligent.
