multiple subkeys and key transition

Robert J. Hansen rjh at sixdemonbag.org
Sun Dec 12 03:21:43 CET 2010


On 12/11/2010 9:14 PM, MFPA wrote:
> But couldn't a man-in-the-middle server authenticate by presenting the
> user's browser with an acceptable certificate signed by a "trusted"
> CA? And is a self-signed certificate any more or any less secure in
> this scenario?

The entire idea of a "self-signed certificate" is kind of a non
sequitur.  The question isn't whether a certificate is self-signed or
signed by Verisign.  The question is whether the certificate is signed
by someone you trust.  If you know the certificate issuer, you've
verified the certificate fingerprint with the web site owner, etc., then
you can use a self-signed certificate with great confidence.

With respect to your hypothetical scenario, sure.  Getting marks to
trust people who plan on betraying that trust is a ploy that's about as
old as the hills.  I think Samson might have something to say about
Delilah, and Holofernes' troops might have something to say about
Judith, just to name two instances...
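The point above, that trust attaches to a signer or fingerprint you verified yourself rather than to the self-signed/CA-signed distinction, can be shown in code. The following Python is an added example and not part of the original post: it pins a certificate by its SHA-256 fingerprint (the value you would have confirmed with the site owner out of band) and builds a client context whose only trust anchor is one self-signed certificate. The function names, the certificate byte strings and the PEM path are assumptions made for illustration; the byte strings are constructed placeholders, not real DER certificates.

```python
"""Certificate pinning by fingerprint: trust is about the signer you verified,
not about whether a certificate is self-signed.

Added example, not code from the original mailing-list post. The certificate
bytes below are constructed placeholders, not real DER certificates."""
import hashlib
import hmac
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, in the colon-separated
    uppercase form that 'openssl x509 -fingerprint -sha256' prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Accept a fingerprint with or without colons/spaces and in either case."""
    return fp.replace(":", "").replace(" ", "").upper()


def matches_pin(der: bytes, pinned: str) -> bool:
    """True only if the presented certificate is exactly the one whose fingerprint
    was verified out of band; constant-time compare avoids leaking where it differs."""
    return hmac.compare_digest(normalize(fingerprint(der)), normalize(pinned))


def verify_peer(tls_sock: ssl.SSLSocket, pinned: str) -> None:
    """Call after the TLS handshake: reject the connection if the peer's leaf
    certificate is not the pinned one, no matter which CA signed it."""
    der = tls_sock.getpeercert(binary_form=True)
    if der is None or not matches_pin(der, pinned):
        raise ssl.SSLCertVerificationError(
            "peer certificate does not match the pinned fingerprint")


def context_trusting_only(self_signed_pem_path: str) -> ssl.SSLContext:
    """A client context whose only trust anchor is one self-signed certificate:
    a certificate for the same name issued by any public CA is rejected here."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_verify_locations(cafile=self_signed_pem_path)  # hypothetical path
    return ctx


# Constructed stand-ins for DER certificates (not real certificates).
SITE_CERT_DER = b"constructed: the site's own certificate bytes"
MITM_CERT_DER = b"constructed: a certificate for the same name, signed by some trusted CA"

# The fingerprint the user confirmed with the site owner out of band.
PINNED = fingerprint(SITE_CERT_DER)

if __name__ == "__main__":
    print("site cert accepted:", matches_pin(SITE_CERT_DER, PINNED))  # True
    print("other cert accepted:", matches_pin(MITM_CERT_DER, PINNED))  # False
```

The second certificate fails the pin even though, in the scenario from the question, a browser relying only on its CA store would accept it; the pin encodes the trust decision the user made, not the CA's.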
