[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Digital Signatures
[No References: because due to an error I was not
subscribed to misc@ the last few days]
>Devdas Bhagat wrote:
>> On 08/03/02 01:12 +0000, Thorsten Glaser wrote:
>>>I have a proposal for distributing digitally signed information
>>>about OpenBSD which is fairly light-weight.
>> Ummm, may I suggest PGP? Free, and pretty easier to secure, plus you
>> assign multiple levels of trust.
>> You really don't need a central registrar, just a web of trust.
>> Again, simply sign the SSL certificate using a pgp key and we can
>> trust the self signed certificate.
>> Devdas Bhagat
>Even better than that is gpg
>a fully compatible opensource pgp clone.
I did specifically write about a solution using openssl,
because it is in the base system and uses quite standard
approaches, whereas pgp/gpg/OpenPGP has several levels
of compatibility and is not that trusted (at least for
pgp >2.6.3i); furthermore gpg has a completely different
But my main argument here is that openssl _is_ in the
base system and it is not much effort to generate or
check signatures. Neither is importing/exporting
As I said, I will put it all on a HTML page if this
Yes, I am root on my box, my friends' boxen and my mailgate.
And yes, I do know how to handle it. Yes, I know about kill-
rules, too. So WTF do you still bother filling my syslog?