gpgsm and expired certificates

MFPA expires2013 at ymail.com
Mon Nov 4 15:02:30 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Saturday 2 November 2013 at 6:48:39 PM, in
<mid:87fvreprlk.fsf at mat.ucm.es>, Uwe Brauer wrote:


> Your point being?

> I presume it goes like this: NSA is  "a government
> based organisation" doing, among other things,
> violations of civil rights.

> So any other government based organisation cannot be
> trust, end of argument.


Exactly.



> Well I just talked  about a service, which provides
> certificates to its citizen. That means it signs a
> public/private key pair, which is generated by the,
> hopefully open source, crypto module of your browser.

> So either you claim to have evidence that this modules
> have been hacked and the key pair is transferred to
> some of these evil organisations or I really don't see
> your point.

Simply stated, it is established that government based organisations
sometimes act in a nefarious manner, contrary to the law and contrary
to the interests of the population. I view that as a reason not to
trust government based organisations. And if I don't trust government
based organisations, I cannot trust a certification issued by one.

Of course, private companies or individuals who issue certifications
are susceptible to coercion. Whether issued by government or by
private sector, a single certification on a public key represents a
single point of failure. It does not provide any great level of
assurance the corresponding private key is controlled by the identity
it claims. Such assurance could potentially be derived from numerous
certifications that are independent from each other, but how do you
tell which are truly independent?

Where actual identity is not required, just continuity of
communication, I see no value in obtaining any certification at all.

- --
Best regards

MFPA                    mailto:expires2013 at ymail.com

Can you imagine a world with no hypothetical situations?
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlJ3qQVXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pFGMD/3YXsKuEtEf9+H4qiQckLlEkv+ulrQnuepRn
PlDE6rsbzdIaa3aU9eRCwa9mydwwIByadgI1YhrdXlnxRk2Aa6mfuoFPkg5MEa8c
3ysvmrVY5DHPkSELkEeUZe6Nk1lcJz1JUUd2vT6cNpks68kYG1Zb/VaLoKbC4sW2
ypuROxWl
=1Moi
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list