incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <>
Subject RE: key signing
Date Mon, 15 Oct 2012 20:33:31 GMT
Ah, so the key servers federate!  Cool.

Thinking about the Man-in-the-Middle PKE attack, that is a little difficult with OpenPGP.

That involves a man in the middle substituting their public key for mine and also arranging
to intercept messages sent to me that are encrypted using the MitM public key for decryption
and re-encrypted with my actual public key.

Since I can easily tell whether or not the public key retrieved from any one of the key servers
is one that goes with the secret key I have, it is pretty difficult to prevent me from detecting
a public-key substitution.  And I can check even deeper than matching fingerprint reports.

I think that is enough for two distant participants who are known to each other to find a
way to confidentially exchange something private known only to the two of them as a way to
confirm that their respective public keys are authentic and worthy of signing.  It does depend
on our actually being known to each other in a way that allows such a procedure to be contrived.

I'm going to try that with a distant friend of mine.

 - Dennis

-----Original Message-----
From: Daniel Shahaf [] 
Sent: Monday, October 15, 2012 11:22
To: Dennis E. Hamilton
Subject: Re: key signing

Dennis E. Hamilton wrote on Mon, Oct 15, 2012 at 11:07:56 -0700:
> <>.  (I'm not sure
> where this is fetched from, so I'm not sure how counter-signed versions


> show up.)

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message