bugs.gnupg.org TLS certificate

Werner Koch wk at gnupg.org
Fri Mar 13 14:27:47 CET 2015


On Fri, 13 Mar 2015 14:04, mwood at IUPUI.Edu said:

> A CA that charges nothing cannot afford to do much (any?) checking of
> the assertions in my CSR.  The resulting signature thus cannot have
> some of the meaning that a more thoroughly investigated CSR can

Given the implicit cross certification of all CA in the browsers this
does not matter.  Except for those who tightly control their Root CA but
that is a rare case and not really practical.

The more expensive CAs are only selling you a fashionable background
color for your the client's address bar.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list