On Sun, Jan 17, 2021 at 10:27:24PM +0100, Stefan Claas via Gnupg-users <gnupg-users@gnupg.org> wrote:
> On Sun, Jan 17, 2021 at 10:16 PM Juergen Bruckner via Gnupg-users > <gnupg-users@gnupg.org> wrote: > > Please try to accept that GitHub's SSL cert is *valid*, or do you think > that a CA certifies and invalid cert? Please try to accept that github's certificate is only valid for the domains that the CA certified it as being valid for (which are listed in the certificate itself for all to see), and that it is not valid for any other domain (that the CA did not certify it as being valid for). I thought the passport example was very good. A slight tweak (for wildcard certificates) is to imagine a passport that identifies a person and their children, but not their grand children. I think such passports exist (or used to), but only for very young children. It's not a perfect analogy, but I hope it paints the picture well enough. cheers, raf _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
