Access to www.gnupg.org only via TLS

Mike Cardwell gnupg at lists.grepular.com
Thu May 1 10:30:09 CEST 2014


* on the Wed, Apr 30, 2014 at 10:28:15PM +0200, Pete Stephenson wrote:

> In regards to certs, I like the principles behind CAcert, but using their
> certs on public-facing systems can be problematic due to their root not
> being included in browsers. For practical reasons, using a CA included in
> browsers is often a better choice.

I write a tech blog about Internet/security related stuff. I used to have
a CAcert cert on it, but every time I posted something, I'd get a raft
of people contacting me to tell me my cert was invalid, and people leaving
comments to the effect that I shouldn't be writing about security stuff
if I can't even configure my SSL correctly. And this from people who are
actually supposed to be a least moderately knowledgeable about the way
the web works. Needless to say, I got bored of this fairly quickly and
shifted over to StartSSL.

For the average person, SSL warnings are a nuisance that needs to be
ignored and clicked so they can continue doing what they were doing. For
the average geek, an SSL warning seems to be a declaration of War.

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: Digital signature
URL: </pipermail/attachments/20140501/066642dc/attachment.sig>


More information about the Gnupg-users mailing list