Using root CAs as a trusted 3rd party
aaron.toponce at gmail.com
Sat Jan 21 19:12:15 CET 2012
I just signed an OpenPGP key with cert level 0x12 (casual checking) given
the following scenario:
* A PGP key was signed by an SSL certificate that was signed by a root
* I verified that the signature was indeed from that root CA.
* I striped the signature, and imported the PGP key.
* I then signed the key, exported, and sent back.
What are your thoughts on using root CAs as a trusted 3rd party for
trusting that a key is owned by whom it claims? Of course, this is merely
for casual checking, but it seems to be "good enough".
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 519 bytes
Desc: not available
More information about the Gnupg-users