making the X.509 infrastructure available for OpenPGP

Avi avi.wiki at gmail.com
Thu Feb 6 21:46:56 CET 2014


>On Thu, Feb 6, 2014 at 2:20 PM, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
>
>On Thursday 6 February 2014 at 6:29:35 PM, in
><mid:20140206102935.Horde.-aF3gSq0xd6sXqnZGe2iGw3 at mail.sixdemonbag.org>,
>Robert J. Hansen wrote:
>> When you decide which certificates to accept, you are
>> serving as your own CA.
>
>No I am not. An example of a similarly false statement would be "When
>a trader does not employ an accountant he is serving as his own
>accountant."

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Well, in my layman's understanding, you both may be correct.
Technically, a CA is a trusted third-party; you are a trusted
first party (to abuse terminology). The buck always stops at
you, but when using a CA, you make the (un)conscious decision
that they are trustworthy and that the trust that THEY have is
transitive (you will accept it without question).

On the other hand, the analogy with accountants may or may not
be correct. When using certificates, the desideratum is the
same--to determine the trustworthiness of the second party.
Whether the first party does this actively, or passively through
acceptance of the third party's decision does not really matter.
With the accountant, if the trader keeps the necessary records
and files the necessary forms, then the trader is serving as his
or her own accountant. Otherwise, there is no one acting as an
accountant and the local securities or taxation authorities can
swoop in and levy sanctions.

Semantics aside, Robert is correct that in actuality there is
only one issuer of trust that matters--you. If you are willing to
give Mozilla blanket transitive trust, so be it, but it is still
your decision--conscious or otherwise.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1 - GPGshell v3.78
Comment: Most recent key: Click show in box @ http://is.gd/4xJrs

iL4EAREIAGYFAlLz9GhfGGh0dHA6Ly9rZXlzZXJ2ZXIudWJ1bnR1LmNvbS9wa3Mv
bG9va3VwP29wPWdldCZoYXNoPW9uJmZpbmdlcnByaW50PW9uJnNlYXJjaD0weDBE
NjJCMDE5RjgwRTI5RjkACgkQDWKwGfgOKfmrXAD/WKzwn3AcyT973UkJIuCzUzm3
EefUv/Uk+V7ZSR0GGKgA/ik3n2afN/UInmZYV8p/L1jPYc2kDCX0L123YnoXYIxo
=i+me
-----END PGP SIGNATURE-----

----
User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) <avi.wiki at gmail.com>
   Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9



More information about the Gnupg-users mailing list