Stan Tobias <st...@privatdemail.net> wrote:
>Peter Lebbing <pe...@digitalbrains.com> wrote:
>> On 24/10/13 01:15, Stan Tobias wrote:
>> > , then why do we believe WoT authenticates anything? Why do we accept, for
>> > example, a conversation by telephone to validate a key fingerprint?
>>
>> Because these are verifications outside the Web of Trust.
>
>Is that the only requirement? Then I have fantastic news for you!

The idea of using a different channel for confirming key details such as a key fingerprint is really a way of trying to avoid a man-in-the-middle attack on the verification of the key and its UIDs. It is not entirely foolproof--nothing is.

It isn't any more complicated or foreign than if your friend sends you an attachment in an email and you call him, send him an SMS message, or talk to him face-to-face to confirm that the message was him before you open it.

Cheers,

--Paul

--
PGP: 3DB6D884

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users