Re: pgp signing in van

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/6/13 7:45 PM, Scott Kitterman wrote:
> They have different problems, but are inherently less reliable than web of 
> trust GPG signing.  It doesn't scale well, but when done in a defined context 
> for defined purposes it works quite well.  With external CAs you never know 
> what you get.

Vast numbers of bits can be and have been spent on the problems
with PKI and on vulnerabilities around CAs (and the trust model).
I am not arguing that PKI is awesome.  What I *am* arguing is that
the semantics of the trust assertions are pretty well-understood
and agreed-upon, which is not the case with pgp.  When someone
signs someone else's pgp key you really don't know why, what the
relationship is, what they thought they were attesting to, etc.

Melinda






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]