trust paths

Johan Wevers johanw at vulcan.xs4all.nl
Mon Mar 2 22:16:35 CET 2015


On 01-03-2015 13:27, Jonathan Schleifer wrote:

> You are assuming it will be spoofed for everyone. It could just
> be spoofed for you. Anybody who can MITM you and give you a fake
> SSL cert that you accept

Well, perhaps they could if the ONLY way I communicated wit someone
would be electronically. I usually discuss sensitive matters with people
I know personally, so I could compare key ID's when I meet the other in
person. No way to spoof that.

That might not work when whistleblowing to a reporter I don't know
personally bu then, I would either first talk to him personally or
remain completely anonymous.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




More information about the Gnupg-users mailing list