Anthony Papillion <papillion@gmail.com> writes:
Because GnuPG is open source, it's been extensively peer reviewed and found safe and secure.
That should actually say "because GnuPG is open source, people assume that someone else has extensively peer reviewed it and therefore assume that it's safe and secure". For example there was a long-standing RNG bug that was very obvious if you looked at the code, but was only discovered by chance when someone who was interested in the RNG happend to read through the code and thought "hmm, surely that can't be right". Having code that's open source doesn't help at all if no-one looks at it.
One of the best ways to learn about tech topics is reading RFC's. The entire way SSL/TLS operates is detailed in an RFC. Read I'd and you will be infinately more informed.
Argh, no. The best way to confuse someone is to get them to read an RFC. Find a good book on the topic, e.g. for SSL/TLS there's Eric Rescorla's "SSL and TLS: Designing and Building Secure Systems". Before that, read "Network Security: Private Communication in a Public World" by Kaufman et al. Peter.