making the X.509 infrastructure available for OpenPGP

Robert J. Hansen rjh at
Thu Feb 6 19:29:35 CET 2014

> I would say that where an individual makes up their own mind which
> certificates to mark as valid, they are not using a CA at all. If a
> second individual is asking the first individual which certificates
> to accept, the second individual is using the first as a CA.

You are free to redefine black as white while you're at it.

When you decide which certificates to accept, you are serving as your  
own CA.  When you outsource this to someone else, that other person or  
agency is serving as your CA.  But no matter how you slice it, there's  
still a CA in the picture.

More information about the Gnupg-users mailing list