[egeozcan]

There seems to be also a windows implementation: http://www.gpg4win.org/ (Wondering why the site doesn't use ssl, though)

On a related note, I have a hard time understanding why a web site talking about digital security also doesn't have a certificate.

[IgorPartola]

Lots of GPG themed sites do not. Notice that key servers provide web access over plain HTTP as well. My best guess is that they do not want to buy into the CA infrastructure and provide security using GPG itself. Also check out MonkeySphere.

[egeozcan]

> My best guess is that they do not want to buy into the CA infrastructure and provide security using GPG itself.

This may be true (I really have no idea) but isn't it like travelling on a highway at night with your normal lights turned off because you have a better system based on infrared? After reading about the story of that guy who hacked into a computer by MITMing the notepad++ site, I became even more convinced that all pages must have certificates. Nowadays it's also possible to get a basic ssl cert for free, I can't figure out what the catch is really.

[IgorPartola]

Don't get me wrong, I agree with you. Even my personal 100% static content site is served over HTTPS only. I am just commenting on the pattern that any GPG-themed sites I've seen follow.