[Cryptography] OpenPGP and trust
Ralf Senderek
crypto at senderek.ie
Sun Apr 6 06:43:47 EDT 2014
On Sun, 6 Apr 2014, Peter Gutmann wrote:
> Ralf Senderek <crypto at senderek.ie> writes:
>
>> You can easily solve this problem by obtaining a certificate that verifies in
>> almost all browsers for a few bucks per year,
>
> And the neat thing is that any bad guy can buy a cert from the same CA you
> bought your one from (or any other commercial CA of their choice), set up a
> dummy server, and all your friends will connect thinking it's the real thing.
> The false sense of security created by the cert will make things much easier
> for them.
>
> Peter.
Yes, given the context in which I wrote this (non-tech folk scared by
self-signed cert) your argument is pretty sound advice to leave
unencrypted logins to OwnCloud open as an option. Congratulations.
--ralf
More information about the cryptography
mailing list