gpgsm and expired certificates

MFPA expires2013 at ymail.com
Mon Nov 4 15:33:44 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Sunday 3 November 2013 at 10:02:14 PM, in
<mid:87habtnnyx.fsf at mat.ucm.es>, Uwe Brauer wrote:


>>> "Ingo" == Ingo Klöcker <kloecker at kde.org> writes:
>    > So, your point/hope probably was that a government
>    based CA > wouldn't have such a business model and
>    would instead offer this > service gratis to the
>    people (so that more people would be > protected
>    from the NSA reading their mail). If this was your
>    point > then apparently I didn't see it when I first
>    read your message.

> That was *precisely* my point, thanks for clarifying it

There are already several private sector CAs who provide free S/MIME
certificates in the hope that punters may take one of their paid
products instead or in addition. Potential sales is their incentive to
provide some products free. What would be a government's incentive to
provide them free of charge instead of charging for the admin? And
what would a government based CA bring to the party that is not
already available?

If all we are talking about is email encryption to protect people's
email from being read in transit, a self-signed certificate takes care
of the encryption without the need for a CA. The only value in using a
recognised CA rather than a self-signed certificate is convenience for
the recipient, whose MUA is likely to automatically "trust" a
recognised CA but would need to be "told" to accept a self-signed
certificate.



- --
Best regards

MFPA                    mailto:expires2013 at ymail.com

CAUTION! - Beware of Warnings!
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlJ3sFNXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5ptlAD/jWuP+IpjL+RRBH1CazALnqMcKfb0M4pyBoe
+9SSDpPAR3CLFKBNi9/ThnVR28BAW3DWqILMq7n+5D+0Vu3jT4nC4Tvpz2tt2YfI
rTUV37E2U62tpydkIhsHuuD9auqjtS3nwxd3db6jfTf+yzz+1LY4+pXtAipdwKQr
JUKD0Rnl
=Kt8y
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list