[Cryptography] Why aren’t we using SSH for everything?
Pawel Veselov
pawel.veselov at gmail.com
Sun Jan 4 03:43:59 EST 2015
On Sat, Jan 3, 2015 at 11:46 PM, Andreas Junius <andreas.junius at gmail.com>
wrote:
>
> On 04/01/15 17:26, Randy Bush wrote:
>
>> Do you actually verify key fingerprints, and if so, how?
>>>
>>
>> gpg signed attestations, e.g. see up front of my site, https://psg.com
>>
>
> Not sure if that helps at all - the CA is an invalid certificate and would
> be expired even if the validity dates were correct. That doesn't indicate
> proper cert handling...
>
And if it was SSH, how would we ever truly verify that public key.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150104/fea55f9f/attachment.html>
More information about the cryptography
mailing list