Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



New Global Directory of OpenPGP Keys

hephro subverts PGP security model (234 comments)

After verifying an email address I got this:

After downloading, import the Verification Key into your PGP software. Then, sign the key with your key and mark it as Trusted. Please see the documentation for your PGP software for specific instructions on trusting a key.
In other words: they expect you to trust them based on the X.509 certificate they present... I hope people realize that with the inclusion of dozens of CAs in common browsers etc. this totally subverts the idea of a web of trust. -Hein

more than 9 years ago


hephro hasn't submitted any stories.


hephro has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?