On 26/02/13 07:43, Doug Barton wrote: > That worked for me, although I was a bit disappointed that placing the cert at > /etc/ssl/certs/ca.hkps.pool.sks-keyservers.net.cert didn't work like all the > docs said it should.
Please realise that if it would have worked, you would have installed that sks-keyservers certificate authority as a system-wide certificate authority, and your browser and other programs might[1] happily accept a certificate for your e-mail provider or your banking site created and signed by the sks-keyservers CA. In other words, trusting a certificate authority is currently an all-or-nothing thing where you now trust them to certify any SSL-protected service you connect to. While I appreciate the sks-keyservers folk, I would never install their CA as a system-wide CA. Actually, I already distrust "proper" CA's :). Peter. [1] I say "might" because those programs could have their own list of CA's and not use the system-wide one. Like Firefox and Thunderbird. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
