@Stefan, are you aware that in your scheme involving sac001.github.io, whoever
convinces GitHub to give them control over that subdomain, can silently replace
those public keys and start a man-in-the-middle attack?

You could not even rely on the TLS layer, because GitHub probably will not
revoke their wildcard certificate just for you. Hijacking a GitHub Pages user
name seems more likely than taking over a well-secured domain hosting account.

I encountered only one MITM attack a couple of years ago so far, from an SKS
user. He was a retired police officer from Austria, who contacted me.

But what you say I was thinking about as well. My proposal was to include in
the policy file fingerprint(s) of key(s) and generate an .ots file, from
opentimestamps.org, from the policy file and put that .ots file somewhere.

In the old days it was common, prior to starting encrypted comms, to compare
fingerprints over other channels.

And regarding secure domains, would you consider VPS servers secure too for
WKD?

I must say good night now.

BTW. I did not receive yet your reply for my two other accounts, hence the
late reply.

Best regards
Stefan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users