Key selection order
Peter Lebbing
peter at digitalbrains.com
Thu Jan 14 19:59:50 CET 2016
On 14/01/16 19:48, Lachlan Gunn wrote:
> so unless you can find the key through some out-of-band source, then for the
> initial contact you have to choose between either making an educated guess as
> to what the key is, or sending in the clear.
Or send them an e-mail saying "I've got something to say I don't want in
cleartext for passive attackers to read; could you send me your key ID?"
> I just wanted to know whether there was anything useful that one could do
> with the current infrastructure when they _knew_ that they were already
> under attack.
When you know the channel is being modified, you need an out-of-band something
to bootstrap. I think this is fundamental, independent of infrastructure. But
I'm too tired and hungry to think about it much :). Should eat...
By the way, "under attack" is a too generic term to usefully discuss stuff.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list