[OT] Why are you using the GPG / PGP keys?

Johan Wevers johanw at vulcan.xs4all.nl
Wed May 29 19:28:32 CEST 2013


On 29-05-2013 6:42, Doug Barton wrote:

> Furthermore, there is no reason to fool around with self-signed certs
> nowadays. Just trot over to https://www.startssl.com/ and get your free
> cert signed by a recognized CA.

It seems not to be recognised by my phone though so there is no
advantage there over a selfsigned key. More of a disadvantage, since
using a selfsigned key allows me to keep out all the personal details
not strictly needed so when I'm on holiday peeping governments don't
know easily who's server I'm contacting (OK, security by obscurity but
still). And their key is valid only for 1 year, which is inconvenient.

Further they deliver the private key to you, so they have access to it.
A BIG security hole, especially since they're (also) US based, if they
have access so does the US government via the Patriot act, who has
probably already put me on their watch list for liking Wikileaks on
Facebook. Thanks but no thanks.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




More information about the Gnupg-users mailing list