On 06/06/12 17:58, Mika Suomalainen wrote: >> D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 > Looks correct. > > ``` % gpg --recv-keys D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 gpg: > requesting key 4F25E3B6 from hkp server pool.sks-keyservers.net gpg: key > 4F25E3B6: public key "Werner Koch (dist sig)" imported
I agree it appears he has the correct key. I did a local sig on it after what checking I seemed to be able to do without meeting people in person. But it's a bit unclear to me on what basis you decided it looked correct? Your mail suggests to me that you decided that based on the fact that the UID on that key is "Werner Koch (dist sig)". But that would be the very first thing a potential attacker would duplicate in his effort to fool our OP. Even if he's using MITM tricks to subvert his system, he can still post his personally generated key to the keyserver with this UID. Peter. PS: I briefly considered signing this message, because the attacker might MITM my message to the OP. Then I realised what good that signature would do :). -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users