>On Thu, Feb 6, 2014 at 2:20 PM, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> >wrote: > >On Thursday 6 February 2014 at 6:29:35 PM, in ><mid:20140206102935.horde.-af3gsq0xd6sxqnzge2i...@mail.sixdemonbag.org>, >Robert J. Hansen wrote: >> When you decide which certificates to accept, you are >> serving as your own CA. > >No I am not. An example of a similarly false statement would be "When >a trader does not employ an accountant he is serving as his own >accountant."
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Well, in my layman's understanding, you both may be correct. Technically, a CA is a trusted third-party; you are a trusted first party (to abuse terminology). The buck always stops at you, but when using a CA, you make the (un)conscious decision that they are trustworthy and that the trust that THEY have is transitive (you will accept it without question). On the other hand, the analogy with accountants may or may not be correct. When using certificates, the desideratum is the same--to determine the trustworthiness of the second party. Whether the first party does this actively, or passively through acceptance of the third party's decision does not really matter. With the accountant, if the trader keeps the necessary records and files the necessary forms, then the trader is serving as his or her own accountant. Otherwise, there is no one acting as an accountant and the local securities or taxation authorities can swoop in and levy sanctions. Semantics aside, Robert is correct that in actuality there is only one issuer of trust that matters--you. If you are willing to give Mozilla blanket transitive trust, so be it, but it is still your decision--conscious or otherwise. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 - GPGshell v3.78 Comment: Most recent key: Click show in box @ http://is.gd/4xJrs iL4EAREIAGYFAlLz9GhfGGh0dHA6Ly9rZXlzZXJ2ZXIudWJ1bnR1LmNvbS9wa3Mv bG9va3VwP29wPWdldCZoYXNoPW9uJmZpbmdlcnByaW50PW9uJnNlYXJjaD0weDBE NjJCMDE5RjgwRTI5RjkACgkQDWKwGfgOKfmrXAD/WKzwn3AcyT973UkJIuCzUzm3 EefUv/Uk+V7ZSR0GGKgA/ik3n2afN/UInmZYV8p/L1jPYc2kDCX0L123YnoXYIxo =i+me -----END PGP SIGNATURE----- ---- User:Avraham pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) <avi.w...@gmail.com> Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
