----- Original Message ----- > > From: tech-boun...@lists.lopsa.org > > [mailto:tech-boun...@lists.lopsa.org] > > On Behalf Of john boris > > > > I am trying to create a PGP certificate using Kleopatra in Windows. > > I got the > > Public key created but when I went to send it to the server I get a > > window > > that says I should create a revoction certificate but the software > > doesn't tell > > you how to create this certificate and what I found using Google > > was of no > > help. Anyone on the list have a pointer to a good help document on > > this. > > I know this isn't what you asked for - but if you haven't at least > considered it, please consider it. ;-) For most people in most > purposes, SSL is easier to use and understand than PGP. I > acknowledge that in SSL, you must accept a "trust" relationship with > external entities such as Thawte and Verisign, etc, and if any of > those get compromised, it creates a security hole. But as long as > you feel you can accept that trust relationship, then it's as good > or better than PGP. This is the same trust relationship, by the > way, that you use when you connect to your bank or make any > purchases online, or anything else via https://, so when people > claim they don't trust any certificate authority, very rarely does > it actually stand up to any scrutiny. The only situation where I > see PGP as being better than SSL is when you can't accept the > certificate authorities as trustworthy, because you're trying to > hide something from the government (good luck with that) or if you > just need to b > ecome compatible with your friends who are already using PGP. In > PGP, you have to perform manual identity verification, rather than > using the central authority. Even if you accept a keyring from > your friend, you have to manually verify your friend, who's doing > the same job as a certificate authority. Chances are, you're not > asking your friend precisely what documented process of > verification they followed on all these other people... >
And, through CAcert you can get free certs....for email either unassured, 6 month, verified email address only. Or assured (50+), 24 months, full name added. Hmmm, didn't know I could've created an SSL cert from my gpg key.... But, when you're assured (50+) you can also have CAcert sign your gpg key(s). To get 50 points, you'll need to have been assured by at least two assurers. That reminds me....I should try to pass the test to become an assurer again. So, frustrating...I always miss by one question. -- Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator For: Enterprise Server Technologies (EST) -- & SafeZone Ally _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
