multiple subkeys and key transition
faramir.cl at gmail.com
Sun Dec 12 05:13:26 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
El 12-12-2010 0:39, MFPA escribió:
> <mid:4D043920.2070402 at gmail.com>, Faramir wrote:
>> Yes, that's why it is important CAs don't sign things
>> they should not sign.
> And maybe, at times, it's important to governments or criminals that
> CAs *do* sign things they shouldn't.
Exactly... but we don't want to make criminals happy. And about
governments, sure, it's great if CAs help to fight criminals or
terrorists, but, what if the government is the kind of government that
send dissidents to jail instead of defeating them in elections? How can
you tell government is not going to abuse its power?
Not much time ago I read some criticism to... I think it was Nokia,
because they sold some equipment to Iran, which gave them the capability
to locate dissidents. And human rights activists blamed them for selling
the equipment. But from Iran's point of view, they are a legitimate
government, and they used the equipment to catch dangerous people. We
could debate about it a long time, and the only thing I can say, is I'm
really happy I am not a CA, so I don't have to deal with the
consequences of granting or denying fake certificates (you grant them,
and people is sent to a Gulag. You don't grant them, and an stadium
explode and thousands of innocent people get killed).
But I think we are moving off-topic here... not that I complain, but
other people might.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Gnupg-users