Questions about OpenPGP best practices

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Feb 26 19:36:38 CET 2013


On 02/26/2013 06:43 AM, Mark H. Wood wrote:
> That service presents a self-signed certificate (I checked), which
> means that if you do not already have a copy of that cert. installed in
> your browser and marked trusted, then it cannot be verified.

This is not correct.  As noted on the web site [0], the public key
associated with the X.509 certificate can be verified through the
OpenPGP web of trust.  It is certified by Kristian's own personal key.

If you know Kristian's personal key, you can verify the web site's
certificate on a Debian system by using the msva-perl and
xul-ext-monkeysphere and iceweasel packages.

hth,

	--dkg

[0] http://sks-keyservers.net/verify_tls.php and
    https://sks-keyservers.net/verify_tls.php
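
The message above relies on the same public key appearing both in the site's X.509 certificate and in an OpenPGP certificate. As an added example (not part of the original message, and not code from msva-perl or Monkeysphere), the following Python extracts the RSA modulus and exponent from both encodings and compares them; the byte strings are constructed toy values, and deciding whether the OpenPGP key is certified by a key you trust remains the separate web-of-trust step.

```python
# Added example (constructed data): is the RSA key in an X.509
# SubjectPublicKeyInfo the same key as the one in an OpenPGP packet?
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def der_read(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def spki_rsa_key(spki):
    """Return (n, e) from a DER SubjectPublicKeyInfo holding an RSA key."""
    _, body, _ = der_read(spki, 0)
    _, alg, pos = der_read(body, 0)
    tag, oid, _ = der_read(alg, 0)
    if tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an RSA key")
    tag, bits, _ = der_read(body, pos)
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("bad BIT STRING")
    _, rsa, _ = der_read(bits[1:], 0)
    _, n, pos = der_read(rsa, 0)
    _, e, _ = der_read(rsa, pos)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def openpgp_rsa_key(body):
    """Return (n, e) from the body of an OpenPGP v4 RSA public-key packet."""
    if body[0] != 4 or body[5] not in (1, 2, 3):
        raise ValueError("not a v4 RSA key")
    values, pos = [], 6  # skip version, 4-byte creation time, algorithm
    for _ in range(2):   # two MPIs: 16-bit bit count, then the bytes
        nbytes = (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
        values.append(int.from_bytes(body[pos + 2:pos + 2 + nbytes], "big"))
        pos += 2 + nbytes
    return tuple(values)

def same_key(spki, pgp_body):
    """True when both containers carry the identical RSA modulus and exponent."""
    return spki_rsa_key(spki) == openpgp_rsa_key(pgp_body)

# Constructed toy values, not a real key: n = 0xC0FFEE0123456789, e = 65537.
SPKI = bytes.fromhex("3024300d06092a864886f70d0101010500031300"
                     "3010020900c0ffee01234567890203010001")
PGP_BODY = bytes.fromhex("04512d0000010040c0ffee01234567890011010001")
print(same_key(SPKI, PGP_BODY))
```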

