[Full-Disclosure] PGP vs. certificate from Verisign
mountainfury at hotmail.com
Sat May 10 17:45:27 BST 2003
Excellent point, it makes me wonder too if the CA holds on to your keys and
maybe has some sort of agreement with the government to act as a key escrow
incase the government needs to decrypt some of your information. I find it
hard to believe that the government just gave up after a couple of attempts
early on to control the crypto and be able to decrypt any information
(Clipper chip and mandatory key escrow in 1995).
From: Georgi Guninski [mailto:guninski at guninski.com]
Sent: Saturday, May 10, 2003 11:07 AM
To: Kamal Habayeb
Cc: full-disclosure at lists.netsys.com
I am not an expert, but AFAIK at some time the key issuer have your
key because they issue the key. I am not comfortable someone else having my
private key no matter if they claim they don't keep it.
Full-Disclosure is hosted and sponsored by Secunia.