sending in band public key

Tim Prepscius timprepscius at gmail.com
Thu Aug 1 23:14:34 CEST 2013


> Sending the public key is not common with OpenPGP - You send it out of
> band.  Only S/MIME resorts to this kludged due to the non-standardized
> way of looking up keys (Oh well, unless you use the global X.500
> directory ;-)


If I were to send a public key in-band.

Is the security concern that the mail could be intercepted in route
and the key be replaced by a different key?  MITM.

Or are there other security concerns as well?

-tim



More information about the Gnupg-devel mailing list