| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: smcmahon at eiv.com (Shawn McMahon) Subject: PGP vs. certificate from Verisign On Sat, May 10, 2003 at 02:57:12AM +0200, yossarian said: > What I wonder - will Verisign have set up CRL servers yet? Remember the IE > problem when someone got hold of MS certificates? The MS-fix was > blacklisting them locally, the real problem was that there was no revocation > servers. Then again, how many concurrent connections would they get if MS > sent out a critical update? > > So - stick to PGP - forget about PKI. Pardon me if a clue whizzed by while I was working, but I read this as "PKI doesn't have any way to guarantee ad-hoc revocation of a certificate, so stick to PGP, which also doesn't have any way to guarantee ad-hoc revocation of a certificate". -- Shawn McMahon | Let every nation know, whether it wishes us well or ill, EIV Consulting | that we shall pay any price, bear any burden, meet any UNIX and Linux | hardship, support any friend, oppose any foe, to assure http://www.eiv.com| the survival and the success of liberty. - JFK -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030511/0f9c7a2d/attachment.bin
Powered by blists - more mailing lists