Trusting other keys a message was encrypted to

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Sat Nov 7 03:01:38 CET 2015



[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or un-expected send a response and request a signed confirmation]

> On 06 Nov 2015, at 22:37, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
> 
> I'll partially go along with that. It was reasonable for the sender to
> encrypt to those keys because the sender "trusts" them; fair enough.
> But that doesn't address my question of "Is it reasonable for the
> recipient to want to check whether or not *they* "trust" the other
> keys to which the sender encrypted the message?" or my assertion that
> GnuPG does not perform this check.
> 
> 
> 

I'm not really sure if I understand what this would protect against; The sender can send the information in multiple emails, even forward it unencrypted without you having any control of it.


More information about the Gnupg-users mailing list