Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: PGP vs. certificate from Verisign

From: "Kamal Habayeb" <mountainfury () hotmail com>
Date: Sat, 10 May 2003 11:45:27 -0500
Excellent point, it makes me wonder too if the CA holds on to your keys and
maybe has some sort of agreement with the government to act as a key escrow
incase the government needs to decrypt some of your information.  I find it
hard to believe that the government just gave up after a couple of attempts
early on to control the crypto and be able to decrypt any information
(Clipper chip and mandatory key escrow in 1995).

-----Original Message-----
From: Georgi Guninski [mailto:guninski () guninski com] 
Sent: Saturday, May 10, 2003 11:07 AM
To: Kamal Habayeb
Cc: full-disclosure () lists netsys com

I am not an expert, but AFAIK at some time the key issuer have your
*private* 
key because they issue the key. I am not comfortable someone else having my 
private key no matter if they claim they don't keep it.

Georgi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: