multiple subkeys and key transition

Ben McGinnes ben at adversary.org
Sun Dec 12 00:36:47 CET 2010


On 12/12/10 10:22 AM, MFPA wrote:
> On Saturday 11 December 2010 at 7:55:25 PM, in
> <mid:4D03D72D.1000607 at adversary.org>, Ben McGinnes wrote:
> 
>> I don't really want to hijack my own thread, but I've
>> always been deeply suspicious of the obvious money grab
>> of the CA system of (mainly website) SSL certificates
>> and I think alternatives are worth exploring.
> 
> A question on the subject of SSL/TLS certificates and HTTPS: often
> there is no user requirement to "authenticate" the identity of the
> server, but rather a simple requirement to prevent snooping; why does
> this need a certificate?

SSL Certificates have nothing to do with the encryption or security
and everything to do with a third party confirmation that the site is
owned and operated by the organisation that it says it is.  The CAs
have managed to carve a nice little niche for themselves by preying on
the fears of people who don't understand this and have made that a
de-facto standard business practice.


Regards,
Ben
