by bmm6o 1490 days ago
> Whether or not it's scalable is orthogonal to the question

If it's not scalable to the web then it's not a replacement for the current solution.

> whether it's authenticated by TLS or PGP is literally isomorphic

PGP is a viable solution in this scenario because there is a single organization that is signing a known set of packages. It doesn't provide confidentiality and can't authenticate arbitrary responses. A narrow use case that doesn't require a CA does not make a strong argument that CAs are unnecessary in general.