Please test :)
David Shaw
dshaw at jabberwocky.com
Mon Aug 17 20:26:39 CEST 2009
On Aug 17, 2009, at 2:17 PM, Marcus Brinkmann wrote:
> David Shaw wrote:
>> There is also a check-cert / no-check-cert option to enable checking or
>> not. It's actually a bit of a question whether the default should be to
>> check or not to check (it's currently defaulting to check). Usually,
>> you'd want to check by default, but in the case of OpenPGP keys, the
>> keys are not validated by the keyserver anyway.
>
> Protecting the channel is important if for example replay attacks are a
> concern, and you want to avoid a man in the middle providing out of date keys
> and suppressing revoke certificates.
Yes, and so the default for cert checking is on to be extra safe, but
I don't think that case is very common. Most people just talk to a
public keyserver that they do not have any particular relationship to.
David