[Cryptography] Why aren’t we using SSH for everything?
andreas.junius at gmail.com
Sun Jan 4 02:46:42 EST 2015
On 04/01/15 17:26, Randy Bush wrote:
>> Do you actually verify key fingerprints, and if so, how?
> gpg signed attestations, e.g. see up front of my site, https://psg.com
Not sure if that helps at all - the CA is an invalid certificate and
would be expired even if the validity dates were correct. That doesn't
indicate proper cert handling...
More information about the cryptography