multiple subkeys and key transition

Faramir faramir.cl at gmail.com
Sun Dec 12 03:53:20 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 11-12-2010 23:14, MFPA escribió:
> Hi
...
> But couldn't a man-in-the-middle server authenticate by presenting the
> user's browser with an acceptable certificate signed by a "trusted"
> CA? And is a self-signed certificate any more or any less secure in
> this scenario?

  Yes, that's why it is important CAs don't sign things they should not
sign.
  Selfsigned certificates make things worst, because now you have to
worry about flawed CAs and also you need to check the legitimate but
unknown (to you) certificate used in the site...

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJNBDkgAAoJEMV4f6PvczxAgkkIAIRXO3lC6EAZjNw4wF9kHyHC
ULwXPLczITOZMDWY27jcs6XyZfbSFr9AJ+H1UugaXrJlVvjrvOH1NcLpm5E7vLuh
eAfc8AzlOkdGWRWmKDLNzQ8Q+69VDj6aQUTfUHCc71l8Zau+SKkzeXOHKBDlMEN0
ZQQwkrKftl6LK4x9IWI/18z0rJseKECjAk2fYkrUKwivvvJukvDK0I4EANQHTfWP
9UOrFGGtklUtKbYs87EP9F0KAudw3ujiPpRtPCO/II169YfkjjCzUUXC9ldtoeO9
YWyzsPpUvRh0L2ptKQfVBikZrDn7VB8r/vHSFeZILQCWl5TZln7+HP4QC1BRdPo=
=zjGl
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list