Adventures in setting up GPG for home, work, and SHA-256
So, 2011 is the year that really brought home just how broken the modern Certificate Authority system is. Basically, if you have a company whose entire revenue model is taking money from people to say that they are who they say they are, it shouldn’t be surprising that they’ll just take money to say somebody is whoever they want. I’d been using S/MIME with a free certificate to sign my emails (at least when emailing people who wouldn’t be too confused by doing so), but I decided that really I needed to switch to the OpenPGP Web of Trust model for it to really be making any sense.