Re: PGP vs. certificate from Verisign

[Steve Poirot <poirotsj () gci net>]

I'm 98% sure that the key pair is generated on the client machine and 
that just the public key is transmitted to the CA.  The reason I say 98% 
instead of 100% is that it's possible that a CA just makes it look like 
that's what's happening.  This could be verified by sniffing the session.  

Steve Poirot

Georgi Guninski wrote:

> I am not an expert, but AFAIK at some time the key issuer have your 
> *private* key because they issue the key. I am not comfortable someone 
> else having my private key no matter if they claim they don't keep it.
>
> Georgi
>
> Kamal Habayeb wrote:
>
> > Greetings,
> >
> > I'm trying to get some expert opinions on which is better.  Using 
> > Outlook
> > 2002, would it be better to use PGP to encrypt messages or use the 
> > built-in
> > option with a digital certificate from Verisign (or some other CA)?
> >
> > Thanks,
> >
> > Kamal
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html