On 18/03/12 19:13, freej...@is-not-my.name wrote:
> Not necessarily but even if they did, how do they have access to the key?

The attacker is doing you a real service getting /your/ key signed then :)

Wasn't the purpose of the attacker to get his /own/ key falsely signed? The key
he does have access to?

BTW, your e-mail service provider does, necessarily, have access to mails sent
to your e-mail account. SSL/TLS might encrypt the connection to the SMTP server
serving your e-mail address, but the provider has the certificate for that
server, or more generally, has full access to their own server. So the
administrators of that SMTP server have full access to any mails sent to your
account, if they want to.

Obviously using GnuPG solves that problem, but not before identity is
established, and here we are talking about establishing that.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

Gnupg-users mailing list

Reply via email to