On Thu, 5 Apr 2018 08:56:04 +1000, Andrew Rowley wrote:
>... You trust your vendor implicitly by using their browser.
>>
>> THAT is what CA/Browser Forum (CAB) industry group is all about.
>Right, but I was just nitpicking the statement that a public key on a
>website doesn't require a CA.
>
>Whether the key itself is signed by a CA, or a second key used to
>establish a secure session to get the first key is signed by a CA, a CA
>is still involved.
>
I'll fall back to Charles's nostalgic assertion,
"..., before the use of SSL/TLS browsing was widespread, the idea was that
my public key was "public knowledge."
I recall those halcyon days when a frequent dialog on BBSes was:
"Will you sign my PGP key?"
"No."
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
