gpgsm and expired certificates
Peter Lebbing
peter at digitalbrains.com
Sat Nov 2 20:20:28 CET 2013
On 02/11/13 19:48, Uwe Brauer wrote:
> So either you claim to have evidence that this modules have been hacked
> and the key pair is transferred to some of these evil organisations or I
> really don't see your point.
I think the most common way for an X.509 CA to be deceitful is by giving someone
else a certificate with your name on it, not by stealing your key.
Then I would be under the impression I was holding an encrypted and signed
conversation with /you/, but I would be talking to the well-funded attacker that
got the false certificate. That attacker could then re-encrypt and send it on to
you, to be a man in the middle.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list