Key Discovery Made Simple
Mirimir
mirimir at riseup.net
Wed Aug 31 04:27:31 CEST 2016
On 08/30/2016 10:04 AM, John Hein wrote:
> Werner Koch wrote at 16:39 +0200 on Aug 30, 2016:
> > Hi,
> >
> > I just published a writeup on how to setup the Web Key Service at
> > https://gnupg.org/blog/20160830-web-key-service.html
> >
> > A plain text copy is below. If you have comments, please send them as
> > reply.
>
> Nice writeup.
>
> Maybe add some _brief_ words about trust. We understand how
> keyservers can provide an "invalid" key. This is a tad bit more
> elaborate, but could still be abused.
>
> The thing about trust for the laymen is that it'd be nice if there was
> a short not overly technical presentation about how various methods
> can be compromised and how to be reasonably sure about safety. So
> that the user can decide about when and how they might want to do
> additional vetting.
>
> Someone could set up an https://wernerkoch.info with a bogus key, send
> out an email impersonating Werner and pointing to that web service,
> right?
What are the defects in <https://keybase.io/>?
More information about the Gnupg-users
mailing list