How to find and verify a trust path?

Philip Jägenstedt philip at
Wed Sep 18 22:58:04 CEST 2013

On Wed, Sep 18, 2013 at 10:20 PM, Daniel Kahn Gillmor
<dkg at> wrote:
> On 09/18/2013 04:14 PM, Philip Jägenstedt wrote:
>> Yeah, that sounds like a useful approach. If I assume that the Wayback
>> Machine isn't part of a conspiracy against me, then I could use it to
>> check what signing keys were listed on in the past:
> Given that the above link is cleartext (http instead of https), you're
> also trusting every machine connected to the network path between you
> and to not imperceptibly MITM your connection.

Yes, of course I would need to check it from multiple networks, but
even that is no guarantee, since the MITM could just be very close to

Philip Jägenstedt

More information about the Gnupg-users mailing list