[foaf-protocols] Fwd: Using root CAs as a trusted 3rd party
melvincarvalho at gmail.com
Sun Jan 22 05:26:06 EST 2012
interesting thread on the GPG list
---------- Forwarded message ----------
From: Aaron Toponce <aaron.toponce at gmail.com>
Date: 21 January 2012 19:12
Subject: Using root CAs as a trusted 3rd party
To: gnupg-users at gnupg.org
I just signed an OpenPGP key with cert level 0x12 (casual checking) given
the following scenario:
* A PGP key was signed by an SSL certificate that was signed by a root
* I verified that the signature was indeed from that root CA.
* I striped the signature, and imported the PGP key.
* I then signed the key, exported, and sent back.
What are your thoughts on using root CAs as a trusted 3rd party for
trusting that a key is owned by whom it claims? Of course, this is merely
for casual checking, but it seems to be "good enough".
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
Gnupg-users mailing list
Gnupg-users at gnupg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 518 bytes
Desc: not available
More information about the foaf-protocols