making the X.509 infrastructure available for OpenPGP

Avi at
Thu Feb 6 21:46:56 CET 2014

>On Thu, Feb 6, 2014 at 2:20 PM, MFPA <2014-667rhzu3dc-lists-groups at> wrote:
>On Thursday 6 February 2014 at 6:29:35 PM, in
><mid:20140206102935.Horde.-aF3gSq0xd6sXqnZGe2iGw3 at>,
>Robert J. Hansen wrote:
>> When you decide which certificates to accept, you are
>> serving as your own CA.
>No I am not. An example of a similarly false statement would be "When
>a trader does not employ an accountant he is serving as his own

Hash: SHA256

Well, in my layman's understanding, you both may be correct.
Technically, a CA is a trusted third-party; you are a trusted
first party (to abuse terminology). The buck always stops at
you, but when using a CA, you make the (un)conscious decision
that they are trustworthy and that the trust that THEY have is
transitive (you will accept it without question).

On the other hand, the analogy with accountants may or may not
be correct. When using certificates, the desideratum is the
same--to determine the trustworthiness of the second party.
Whether the first party does this actively, or passively through
acceptance of the third party's decision does not really matter.
With the accountant, if the trader keeps the necessary records
and files the necessary forms, then the trader is serving as his
or her own accountant. Otherwise, there is no one acting as an
accountant and the local securities or taxation authorities can
swoop in and levy sanctions.

Semantics aside, Robert is correct that in actuality there is
only one issuer of trust that matters--you. If you are willing to
give Mozilla blanket transitive trust, so be it, but it is still
your decision--conscious or otherwise.
Version: GnuPG v1 - GPGshell v3.78
Comment: Most recent key: Click show in box @



pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) < at>
   Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

More information about the Gnupg-users mailing list