httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: pgp trust for https?
Date Wed, 09 Nov 2005 09:55:30 GMT
> -----Original Message-----
> From: Nick Kew [mailto:nick@webthing.com]
> 
> > ... Personally, I feel this role belongs in the government.
> 
> Any particular government?  A few years ago I'd probably have agreed.
> With the most blatently corrupt government in living memory, that has
> less appeal.

At first I thought this statment was inappropriate on an international list where we don't
know where anybody lives. But then I realised it applies equally well to every government
on the planet...

Except, maybe, Iceland?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> > >I seldom use pgp for email (and I hate it when people sign messages
> > >posted to a list like this).  But I always use it to 
> verify software I
> > >download from the 'net.  And, unlike https, it tells me every time
> > >whether or not *I* trust the digital signature.
> >
> > How do you decide that such a signature is trustworthy and 
> valid?  You
> > either have to know about their public key a priori, or 
> know ( and trust
> > ) another one that signed theirs, otherwise, you're just 
> guessing that
> > you can trust it.
> 
> Sure.  I do trust my own key, and those of quite a number of 
> other people,
> including, for example, most of those with whom I would 
> expect to share
> an SVN repository for development work.  That's the kind of 
> application
> where a PGP-signed server key is a clear winner.
> 
> And when my browser indicates that I don't trust a key, I can 
> investigate
> in detail by fetching the public key and its signature(s), 
> and make whatever
> other checks I see fit.  Exactly the same as when I download a package
> from the 'net.
> 
> -- 
> Nick Kew
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen-
bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature.
It is not related to the exchange or business activities of the SWX Group. Le présent e-mail
est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.

Mime
View raw message