They're not broken; they're simply using cacert.org instead of a mainstream CA. From a business standpoint, that's a terrible idea for selling to the general public, but from a security perspective it's fine.
Incidentally, they sign their order confirmation emails with PGP. :-)