SSL on gnupg.org

Peter Lebbing peter at digitalbrains.com
Mon Sep 9 12:54:49 CEST 2013


On 09/09/13 04:06, Jose Luis Rivas wrote:
> I have seen some worrisome about downloading stuff from a site without a 
> proper SSL certificate, specially nowadays with the NSA issues which
> include them in the middle of the internet pipes.

SSL is precisely /not/ the technology to use to escape the NSA (more
specifically, the Certificate Authority structure of the validation, I'm not
talking about the SSL session itself).

If there is /an/ organization that can spoof the authenticity of an SSL
website, it'll be the NSA. I will eat my hat[1] if they don't have access to a
few certificate authorities.

If you want to verify authenticity of a downloaded GnuPG, verify it with
GnuPG. Yes, I know, there's a problem there :).

HTH,

Peter.

[1] Luckily, the washing label says "AZO free". I have no idea what that is,
though.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list