[prev in list] [next in list] [prev in thread] [next in thread]
List: cryptography-randombit
Subject: Re: [cryptography] =?utf-8?q?=5BCryptography=5D_Why_aren=E2=80=99t_we?=
From: "John Levine" <johnl () iecc ! com>
Date: 2015-01-04 23:38:16
Message-ID: 20150104233816.27448.qmail () ary ! lan
[Download RAW message or body]
>>> gpg signed attestations, e.g. see up front of my site, https://psg.com
>>
>> Not sure if that helps at all - the CA is an invalid certificate and would
>> be expired even if the validity dates were correct. That doesn't indicate
>> proper cert handling...
>>
>
>And if it was SSH, how would we ever truly verify that public key.
I'm not Randy, and I rarely look at SSH keys, but I do note that the
bogus CA doesn't matter, since the file you download contains a PGP
signature you can verify. Well, you can if you believe that the key
with ID EA37E360 belongs to Randy. Perhaps I'll ask him when I see
him in Dallas.
R's,
John
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic