[tahoe-dev] SSL samurai attack migration ninjas, film at 11
James A. Donald
jamesd at echeque.com
Sat Oct 29 06:21:06 UTC 2011
On 2011-10-29 3:46 PM, Olaf TNSB wrote:
> I'm not sure that I could be as relaxed about self signed certs as you. It
> feels a lot like when I download code with a gpg/pgp signature where the
> signing key hasn't been signed by anyone...
Do you feel much worse about code with gpg signature that whose key is
not connected to any web of trust, than code that is unsigned?
Actually an unsigned code signing key is just as good as one connected
to the web of trust, since the main thing that is useful to know is that
version 1.7 is issued by the same people as version 1.6.
More information about the tahoe-dev