How to find and verify a trust path?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Sep 18 22:20:18 CEST 2013
On 09/18/2013 04:14 PM, Philip Jägenstedt wrote:
> Yeah, that sounds like a useful approach. If I assume that the Wayback
> Machine isn't part of a conspiracy against me, then I could use it to
> check what signing keys were listed on gnupg.org in the past:
Given that the above link is cleartext (http instead of https), you're
also trusting every machine connected to the network path between you
and web.archive.org to not imperceptibly MITM your connection.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1027 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users