[Cryptography] Why aren’t we using SSH for everything?

Andreas Junius andreas.junius at gmail.com
Sun Jan 4 02:46:42 EST 2015

On 04/01/15 17:26, Randy Bush wrote:
>> Do you actually verify key fingerprints, and if so, how?
> gpg signed attestations, e.g. see up front of my site, https://psg.com

Not sure if that helps at all - the CA is an invalid certificate and 
would be expired even if the validity dates were correct. That doesn't 
indicate proper cert handling...

More information about the cryptography mailing list