On Fri, Feb 4, 2022 at 8:19 PM Keith Lofstrom <kei...@kl-ic.com> wrote: > > Is PGP still an OK way to encrypt a document to send > securely as an attachment via email?
Yes. > > Is there a "phonebook" of trustworthy PGP public keys? Yes, there are many to choose from, but your interlocutore might not be listed. The "trustworthiness" comes from having them confirm their public key fingerprint over the phone or something you can convince yourself is correct. The other issue is whether they are the sole possessor of their private key, that it hasn't been compromised somehow. You kind of have to trust them on that. > > Not really an explanation of what I need: > I occasionally want to send secure messages to people > I don't know well, prior to negotiating more secure > connections. I don't need supersecure; if I ever do, > I will hire a crypto-genius to help, bekuz I maek mizdaeks. > > Yes, MITM attacks are a thing; but then, MITM can replace > good advice on the Plug list with bad advice (Randy Bush > said that? Seems odd, but I trust him ...) > > Keith L. > > -- > Keith Lofstrom kei...@keithl.com
