On Thu, 28 Jul 2011 08:29, k...@grant-olson.net said:

> attacker could have forged both. They could in other circumstances as
> well, but it's less likely for someone to forge both a public key on the
> keyservers (or your personal website, or your business card, etc), and a
> signature on a forged email. They need to compromise two lines of defense.

Why? Sending a key to a keyserver is cheap. The validity of the key needs to be established by different means; for example using the WoT.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users