1 |
On 2011-03-25 1:59 PM, Dane Smith wrote: |
2 |
> Having said that, for those that just use "keys" for e-mails (most of |
3 |
> us), it would make more sense to use full blow SSL certs in the long run. |
4 |
|
5 |
Please no. PKI is a naive design and for all intents and purposes will |
6 |
remain a pipe-dream. All security relationships that is worth anything |
7 |
is bilateral and no trusted third party is willing to accept enough risk |
8 |
to warrent full trust. |
9 |
|
10 |
Using public keys for auth is a good security model and the rest of x509 |
11 |
certs is just unnecessary overhead. Let's not go there. GPG is good |
12 |
enough. |
13 |
-- |
14 |
Eray Aslan |
15 |
Developer, Gentoo Linux eras <at> gentoo.org |