On Saturday 02 November 2013 19:48:39 Uwe Brauer wrote:
> >> "MFPA" == MFPA <expires2...@ymail.com> writes:
>
> > Hi
> >
> > On Sunday 27 October 2013 at 2:46:05 PM, in
> > <mid:8761si4vrm....@mat.ucm.es>, Uwe Brauer wrote:
> >
> > Isn't the NSA "a government based organisation?" Surely
> > guilt-by-association renders every government based organisation
> > just as nefarious as the NSA.
>
> Your point being?
>
> I presume it goes like this: NSA is "a government based
> organisation" doing, among other things, violations of civil rights.
>
> So any other government based organisation cannot be trusted, end of
> argument.
>
> Well I just talked about a service, which provides certificates to
> its citizens. That means it signs a public/private key pair, which is
> generated by the, hopefully open source, crypto module of your
> browser.
>
> So either you claim to have evidence that these modules have been
> hacked and the key pair is transferred to some of these evil
> organisations or I really don't see your point.

Since I had exactly the same thought as MFPA (namely that the NSA is a
government based organization), I'll explain my thoughts (which could be
different from MFPA's point).

You, Uwe Brauer, wrote:
> I would prefer a government based organisation which provides this
> service to its citizens (especially because of all which was lately
> revealed about the NSA)

where "this service" refers to the service a commercial, not government
based CA like Comodo offers.

I interpreted "especially because of all which was lately revealed about
the NSA" to refer to the NSA's ability to forge certificates issued by
commercial CAs (e.g. by forcing the CAs to provide such a certificate).

Now my thinking was that the NSA (or some other country's secret agency,
e.g. the German BND) probably wouldn't have more problems to get forged
certificates if they were issued by a government based CA.

OTOH, you wrote the above in reply to Werner's
> The business model of most CAs is to sell you a subscription by
> setting the expiration time very low so that they can ask after a
> year for another fee to create a new certificate. Here it does not
> make sense to create a new private key every year.

So, your point/hope probably was that a government based CA wouldn't have
such a business model and would instead offer this service gratis to the
people (so that more people would be protected from the NSA reading their
mail). If this was your point then apparently I didn't see it when I first
read your message.

Regards,
Ingo