On 05/02/14 21:06, Werner Koch wrote: > Almost all X.509 certification in public use certify only one of two > things:
I never intended my message to say I would trust any CA. Hauke was looking for a way to leverage trust in a CA; I was merely contributing something I thought he might find interesting. By the way, I still think the CA certifies that the certificate belongs to the person or role identified by the DN. The problem is that when someone vouches for the truth of something, that doesn't make it an actual fact. It sometimes means the certifier is simply sloppy or a liar. Certification is a statement, not truth. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
