[Full-Disclosure] PGP vs. certificate from Verisign

[Kamal Habayeb]

Excellent point, it makes me wonder too if the CA holds on to your keys and
maybe has some sort of agreement with the government to act as a key escrow
incase the government needs to decrypt some of your information.  I find it
hard to believe that the government just gave up after a couple of attempts
early on to control the crypto and be able to decrypt any information
(Clipper chip and mandatory key escrow in 1995).

-----Original Message-----
From: Georgi Guninski [mailto:guninski at guninski.com] 
Sent: Saturday, May 10, 2003 11:07 AM
To: Kamal Habayeb
Cc: full-disclosure at lists.netsys.com

I am not an expert, but AFAIK at some time the key issuer have your
*private* 
key because they issue the key. I am not comfortable someone else having my 
private key no matter if they claim they don't keep it.

Georgi