multiple subkeys and key transition

Robert J. Hansen rjh at
Sun Dec 12 03:15:50 CET 2010

On 12/11/2010 6:22 PM, MFPA wrote:
> A question on the subject of SSL/TLS certificates and HTTPS: often
> there is no user requirement to "authenticate" the identity of the
> server, but rather a simple requirement to prevent snooping; why does
> this need a certificate?

Otherwise the snooper could just use a MitM and you'd be none the wiser.

When you visit, both you and Amazon need some way to ensure
you're talking to the real McCoy.  Amazon authenticates you by having
you provide a username and password.  You authenticate Amazon by
checking their SSL cert and seeing that it was issued by a trusted

If you didn't check the SSL cert, I could provide a self-signed SSL
cert, have you accept it, and then do a MitM on your connection.  Next
thing you know, you've paid for all my Christmas shopping...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5598 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20101211/96054a4b/attachment.bin>

More information about the Gnupg-users mailing list