incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: key signing
Date Thu, 11 Oct 2012 13:46:06 GMT

On 11 Oct 2012, at 09:57, Noah Slater wrote:

> On Thu, Oct 11, 2012 at 9:01 AM, Nick Kew <> wrote:
>> You have to extend that assumption not only to our infrastructure but to
>> every proxy that might come between us and a user, and that might
>> substitute a trojan along with the trojan's own SHA1.
> The same reasoning holds for the .asc file.

Only if there are no WOT paths to improve confidence in it.

And only if noone ever detects the imposter, which is a lot less
likely with a trojan PGP key (someone in particular is being
impersonated) than a checksum (owned by noone).

Nick Kew

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message