On 09/09/13 04:06, Jose Luis Rivas wrote: > I have seen some worrisome about downloading stuff from a site without a > proper SSL certificate, specially nowadays with the NSA issues which > include them in the middle of the internet pipes.
SSL is precisely /not/ the technology to use to escape the NSA (more specifically, the Certificate Authority structure of the validation, I'm not talking about the SSL session itself). If there is /an/ organization that can spoof the authenticity of an SSL website, it'll be the NSA. I will eat my hat[1] if they don't have access to a few certificate authorities. If you want to verify authenticity of a downloaded GnuPG, verify it with GnuPG. Yes, I know, there's a problem there :). HTH, Peter. [1] Luckily, the washing label says "AZO free". I have no idea what that is, though. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
