On 2021-01-17 at 23:43 +0000, Stefan Claas via Gnupg-users wrote:
> I encountered only one MITM attack a couple of years ago so far, from an
> SKS user. He was a retired police officer from Austria, who contacted me.
> But what you say I was thinking about as well. My proposal was to include
> in the policy file fingerprint(s) of key(s) and generate an .ots file, from
> opentimestamps.org, from the policy file and put that .ots file somewhere.
> In the old days it was common, prior to starting encrypted comms, to compare
> fingerprints over other channels.

If you can safely publish that ots file, you could as well publish your
OpenPGP key in the same place.

And if you are exchanging fingerprints over a separate, secure channel,
you can use that to directly verify/fetch the key.


(It often makes sense to publish it in many redundant ways, but
strictly it _shouldn't_ be needed)


Best regards


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
