| 1 |
On 2011-03-25 1:59 PM, Dane Smith wrote: |
| 2 |
> Having said that, for those that just use "keys" for e-mails (most of |
| 3 |
> us), it would make more sense to use full blow SSL certs in the long run. |
| 4 |
|
| 5 |
Please no. PKI is a naive design and for all intents and purposes will |
| 6 |
remain a pipe-dream. All security relationships that is worth anything |
| 7 |
is bilateral and no trusted third party is willing to accept enough risk |
| 8 |
to warrent full trust. |
| 9 |
|
| 10 |
Using public keys for auth is a good security model and the rest of x509 |
| 11 |
certs is just unnecessary overhead. Let's not go there. GPG is good |
| 12 |
enough. |
| 13 |
-- |
| 14 |
Eray Aslan |
| 15 |
Developer, Gentoo Linux eras <at> gentoo.org |
Archives