On 01/14/2018 01:04 PM, Heiko Richter wrote:
> The fact that your GPG client shows a secure connection is
> either due to a faulty/incomplete validation algorithm that doesn't
> check the CA signature of the server's cert or because "Kristian-CA" is
> hardcoded into GnuPG. I don't know which one it is and don't really care
> because both situations would be relics of 90s-incompetence that
> compromise security and should have been removed from gnupg years ago.
Quite the contrary, this is the correct behavior from a security perspective. And yes, the CA is included for the pool specifically. Using HKPS from a web browser is less of an issue, as that is the wrong use of keyservers in nine out of ten situations: a local client is needed anyway to properly validate the packet information provided in the OpenPGP keyblock.

That said, I'm a bit surprised about this discussion; nobody is required to use a single pool of keyservers.

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Amantes sunt amentes
Lovers are lunatics
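For readers following the thread: the behaviour Kristian describes (a pool-specific CA trusted only for the pool's HKPS hostname, with the keyblock itself still validated locally by GnuPG) is configured in dirmngr, not in the web browser. The fragment below is an added illustration, not text from the original message or from the GnuPG project; it assumes a standard GnuPG 2.1+ installation where dirmngr reads `~/.gnupg/dirmngr.conf` and where the pool's CA file has been placed at the path shown (that path is an assumption, substitute your own copy).

```conf
# ~/.gnupg/dirmngr.conf (added example, not from the original thread)

# Use the HKPS pool. dirmngr will only accept TLS certificates for this
# host that chain to the CA configured below (or the pool CA GnuPG ships),
# which is the "included for the pool specifically" behaviour from the reply.
keyserver hkps://hkps.pool.sks-keyservers.net

# Pin the pool's root certificate explicitly. The file path is an assumption;
# GnuPG installations typically ship a copy as sks-keyservers.netCA.pem.
hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem

# Restart dirmngr after editing so the new settings take effect:
#   gpgconf --kill dirmngr
```

The security-relevant point is the scoping: the pool CA is trusted for HKPS keyserver lookups by dirmngr only, and it never enters the operating system or browser trust store. Whether or not a browser accepts the pool's certificate therefore says nothing about whether GnuPG's keyserver fetch is protected, and a TLS failure in the browser is expected rather than a sign of a broken validation algorithm.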
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel