[Gpg4win-users-en] key 0xEC70B1B8 trustable ? Self-signed SSL cert in DANE dnssec ?
Werner Koch
wk at gnupg.org
Mon Nov 25 09:38:20 CET 2013
On Sat, 16 Nov 2013 17:09, bry8star at yahoo.com said:
> Why WK (Werner Koch) has not signed it ?
Because my policy has always been to sign only personal keys and not any
role keys. I may change this policy in the future, though.
> Why are you not signing your website's DNS with DNSSEC ? (or Why are
> you not placing your site's DNSSEC code in ISC DLV (free) site ? )
I am not convinced that DNSSEC increases the security in this case. I
might lure the use into false assumptions of a secure website. The
SHA-1 checksum or, better, the signature is IMHO more safe.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gpg4win-users-en
mailing list