SSL on gnupg.org
Peter Lebbing
peter at digitalbrains.com
Mon Sep 9 12:54:49 CEST 2013
On 09/09/13 04:06, Jose Luis Rivas wrote:
> I have seen some worrisome about downloading stuff from a site without a
> proper SSL certificate, specially nowadays with the NSA issues which
> include them in the middle of the internet pipes.
SSL is precisely /not/ the technology to use to escape the NSA (more
specifically, the Certificate Authority structure of the validation, I'm not
talking about the SSL session itself).
If there is /an/ organization that can spoof the authenticity of an SSL
website, it'll be the NSA. I will eat my hat[1] if they don't have access to a
few certificate authorities.
If you want to verify authenticity of a downloaded GnuPG, verify it with
GnuPG. Yes, I know, there's a problem there :).
HTH,
Peter.
[1] Luckily, the washing label says "AZO free". I have no idea what that is,
though.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list