obnoxious@xxxxxxxx wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What is your point exactly? How secure are Verisign, Thawte or anyone elses servers outside of them just stating "We take XPrecautions".
Do you argue "Some chains are weak" implies "All chains are weak"? Please explain. I missed it.
I'll agree that software and certs from Verisign, Microsoft, Sun, Yahoo, Citibank are also only as safe as those "X precautions".
What's your point in bringing them up? I don't trust their cryptography software the way I trust GnuPG, so I'm not interested in discussing them specifically.
It's easy to get "gpg --verify" to exit(0), but what that exit code _means_ matters to me, and that is determined by the precautions at the end points.
Do you have any knowledge of what those X precautions are, or if they can be improved for GnuPG?
ForrestP.S. I forgot to mention that I appreciate the honesty of Werner Koch's "spare laptop disclaimer." Big corporations should be as transparent and honest. Truth is there are many who are more lax than Werner Koch, but say they are more dilligent.