Including public key
Werner Koch
wk at gnupg.org
Thu Jul 28 11:20:14 CEST 2011
On Thu, 28 Jul 2011 08:29, kgo at grant-olson.net said:
> attacker could have forged both. They could in other circumstances as
> well, but it's less likely for someone to forge both a public key on the
> keyservers (or your personal website, or your business card, etc), and a
> signature on a forged email. They need to compromise two lines of defense.
Why? Sending a key to a keyserver is cheap. The validity of the key
needs to be established by different means; for example using the WoT.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are governed by a federal law.