How to find and verify a trust path?
philip at foolip.org
Wed Sep 18 22:58:04 CEST 2013
On Wed, Sep 18, 2013 at 10:20 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On 09/18/2013 04:14 PM, Philip Jägenstedt wrote:
>> Yeah, that sounds like a useful approach. If I assume that the Wayback
>> Machine isn't part of a conspiracy against me, then I could use it to
>> check what signing keys were listed on gnupg.org in the past:
> Given that the above link is cleartext (http instead of https), you're
> also trusting every machine connected to the network path between you
> and web.archive.org to not imperceptibly MITM your connection.
Yes, of course I would need to check it from multiple networks, but
even that is no guarantee, since the MITM could just be very close to
More information about the Gnupg-users