[Ach] StartSSL for Business Sysadmins
Martin Rublik
martin.rublik at gmail.com
Tue Jan 14 09:21:02 CET 2014
On 14. 1. 2014 9:09, Tobias Dussa (SCC) wrote:
> So in what world are GPG and SSH better concepts? Yes, they do provide the user
> the theoretical possibility to do key verification in a more sensible way. That
> doesn't mean that people actually do that. In fact, at this point, I'd say that
> the vast majority of serious GPG users are somewhat concerned about their
> privacy, certainly more so than the average, and even THESE people don't always
> verify stuff properly.
You are not alone, see Peter Gutmann's Do Users Verify SSH Keys?
https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf
Martin
More information about the Ach
mailing list