Including public key

Werner Koch wk at
Thu Jul 28 11:20:14 CEST 2011

On Thu, 28 Jul 2011 08:29, kgo at said:

> attacker could have forged both.  They could in other circumstances as
> well, but it's less likely for someone to forge both a public key on the
> keyservers (or your personal website, or your business card, etc), and a
> signature on a forged email.  They need to compromise two lines of defense.

Why?  Sending a key to a keyserver is cheap.  The validity of the key
needs to be established by different means; for example using the WoT.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list