| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3EBD34F7.1090703@gci.net> From: poirotsj at gci.net (Steve Poirot) Subject: PGP vs. certificate from Verisign I'm 98% sure that the key pair is generated on the client machine and that just the public key is transmitted to the CA. The reason I say 98% instead of 100% is that it's possible that a CA just makes it look like that's what's happening. This could be verified by sniffing the session. Steve Poirot Georgi Guninski wrote: > I am not an expert, but AFAIK at some time the key issuer have your > *private* key because they issue the key. I am not comfortable someone > else having my private key no matter if they claim they don't keep it. > > Georgi > > Kamal Habayeb wrote: > >> Greetings, >> >> I'm trying to get some expert opinions on which is better. Using >> Outlook >> 2002, would it be better to use PGP to encrypt messages or use the >> built-in >> option with a digital certificate from Verisign (or some other CA)? >> >> Thanks, >> >> Kamal >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.netsys.com/full-disclosure-charter.html >> >> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists