On 01-03-2015 13:27, Jonathan Schleifer wrote:
You are assuming it will be spoofed for everyone. It could just
be spoofed for you. Anybody who can MITM you and give you a fake
SSL cert that you accept
Well, perhaps they could if the ONLY way I communicated wit someone
would be electronically.
Am 28.02.2015 um 19:15 schrieb Johan Wevers joh...@vulcan.xs4all.nl
I'm not talking about mathematically proving something. After all, a
government agency could make a false key with Werner Koch's name on it
and send someone who looks like him with real ID documents to a
keysigning party.
On 27-02-2015 22:30, Christoph Anton Mitterer wrote:
I meant in the sense that I want to trust e.g. Werner's key but haven't
met him in person yet,... but I might have an indirect trustpath to him
via some other persons (which I do trust).
Obviously I'll need any intermediate keys (and enough
On 28-02-2015 18:56, Christoph Anton Mitterer wrote:
I'm not sure but I fear you have some deep misunderstanding of
cryptography...
I'm not talking about mathematically proving something. After all, a
government agency could make a false key with Werner Koch's name on it
and send someone who
On Sat, 2015-02-28 at 18:39 +0100, Johan Wevers wrote:
OR, in case a key belongs to a well-known person, you've seen it
mentioned in enough places and seen it used to sign gpg packages to be
rather certain that if it were a forgery someone would have noticed by
now and made noise about it.
Am Fr 27.02.2015, 21:25:40 schrieb Christoph Anton Mitterer:
On Fri, 2015-02-27 at 21:12 +0100, Andreas Schwier wrote:
So what exactly is the purpose of the keyserver then ?
Find trust paths
What could that be good for? If you do not make very strange assumptions
that could be of any use
On Fri, 2015-02-27 at 22:25 +0100, Hauke Laging wrote:
Find trust paths
What could that be good for? If you do not make very strange assumptions
that could be of any use only if you assign certification trust to
unknown keys which would be completely crazy.
I meant in the sense that I
Am Fr 27.02.2015, 22:30:41 schrieb Christoph Anton Mitterer:
Obviously I'll need any intermediate keys (and enough of them that I
personally decide it's trustworthy).
Once more we see the term that confuses nearly everyone:
You personally decide to trust a key – for it's certifications. That
