Signing a key (meaning)

Jan Janka takethebus at gmx.de
Sun Apr 10 20:48:27 CEST 2011


>>>But the e-mail access control check *does* protect
>>>against the attack scenario where at the time of
>>>keysigning, Eve does *not* have access to Bob's inbox.

>> Yes, but the fingerprint check already protects against
>> that, so why do we need another check?

>Please describe how checking key fingerprints is in any way related to
>email addresses.

You are right, there's actually no direct connection, sorry. I was thinking about a friend who sends me his key via email. Because I don't want to rely on the fact he is the only one who has access to his email account and there might be a "man in the middle", too, I do the fingerprint check on the phone. 

But my point is as follows:
One reason we use GnuPG is that we think it is significantly likely there's a "man in the middle attack" or that someone has access to email accounts he should not have. Given that, what benefit does one get from knowing my communication partner has access to a certain email account?

I'm grateful for answers,
Jan 



More information about the Gnupg-users mailing list