Key selection order

Peter Lebbing peter at
Thu Jan 14 19:59:50 CET 2016

On 14/01/16 19:48, Lachlan Gunn wrote:
> so unless you can find the key through some out-of-band source, then for the
> initial contact you have to choose between either making an educated guess as
> to what the key is, or sending in the clear.

Or send them an e-mail saying "I've got something to say I don't want in
cleartext for passive attackers to read; could you send me your key ID?"

> I just wanted to know whether there was anything useful that one could do 
> with the current infrastructure when they _knew_ that they were already
> under attack.

When you know the channel is being modified, you need an out-of-band something
to bootstrap. I think this is fundamental, independent of infrastructure. But
I'm too tired and hungry to think about it much :). Should eat...

By the way, "under attack" is a too generic term to usefully discuss stuff.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list