lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Sea2-DAV67Y3oannfva000032c5@hotmail.com>
From: mountainfury at hotmail.com (Kamal Habayeb)
Subject: PGP vs. certificate from Verisign

Excellent point, it makes me wonder too if the CA holds on to your keys and
maybe has some sort of agreement with the government to act as a key escrow
incase the government needs to decrypt some of your information.  I find it
hard to believe that the government just gave up after a couple of attempts
early on to control the crypto and be able to decrypt any information
(Clipper chip and mandatory key escrow in 1995).

-----Original Message-----
From: Georgi Guninski [mailto:guninski@...inski.com] 
Sent: Saturday, May 10, 2003 11:07 AM
To: Kamal Habayeb
Cc: full-disclosure@...ts.netsys.com

I am not an expert, but AFAIK at some time the key issuer have your
*private* 
key because they issue the key. I am not comfortable someone else having my 
private key no matter if they claim they don't keep it.

Georgi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ