
Re: About GPG-signing the public RSA keys of Debian machines



On Tue, Oct 10, 2006 at 06:37:16PM +0200, Florent Rougon wrote:
> Hi,
> 
> David Clymer <david@hrcsb.org> wrote:
> 
> > With a signature, he just has to trust that signer f00's key has not
> > been compromised, thus the published host key info is trustworthy and a
> > MITM is not happening.
> 
> To be honest, I believe the MITM attack problem could be mitigated by
> the certificate when accessing db.debian.org via HTTPS instead of HTTP.
> 
> But trusting the certificate is still a problem for me. Even with
> ca-certificates installed, galeon says the certificate cannot be
> trusted; I subsequently imported the certs from /etc/ssl/certs into
> galeon, which brought the question of whether I trusted that this came
> from "Autoridade Certificadora Raiz Brasileira", at which point I

The SPI certificate is there if you install ca-certificates:
/etc/ssl/certs/spi-ca.pem
/usr/share/ca-certificates/spi-inc.org/spi-ca.crt


Kurt


