making the X.509 infrastructure available for OpenPGP

Peter Lebbing peter at digitalbrains.com
Wed Feb 5 22:30:38 CET 2014


On 05/02/14 21:06, Werner Koch wrote:
> Almost all X.509 certification in public use certify only one of two
> things:

I never intended my message to say I would trust any CA. Hauke was looking for a
way to leverage trust in a CA; I was merely contributing something I thought he
might find interesting.

By the way, I still think the CA certifies that the certificate belongs to the
person or role identified by the DN. The problem is that when someone vouches
for the truth of something, that doesn't make it an actual fact. It sometimes
means the certifier is simply sloppy or a liar. Certification is a statement,
not truth.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list