How to find and verify a trust path?

Daniel Kahn Gillmor dkg at
Wed Sep 18 22:20:18 CEST 2013

On 09/18/2013 04:14 PM, Philip Jägenstedt wrote:
> Yeah, that sounds like a useful approach. If I assume that the Wayback
> Machine isn't part of a conspiracy against me, then I could use it to
> check what signing keys were listed on in the past:

Given that the above link is cleartext (http instead of https), you're
also trusting every machine connected to the network path between you
and to not imperceptibly MITM your connection.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130918/a6c790d4/attachment-0001.sig>

More information about the Gnupg-users mailing list