17 Dec 2003, 11:17 p.m.
John Anonymous MacDonald writes:
The problem with the PGP public key servers is that one has absolutely no control over what gets uploaded there in one's own name.
That's why people are supposed to use the web of trust to check the keys. You claim to make your key available by finger. How do you know that Mallet isn't switching the bits as they go down the wire to your correspondents? The only way to verify a key is to check known good signatures on it. Because of this, no security is needed on key storage facilities per se -- you aren't supposed to trust keys without signatures.

Geesh. I thought this was obvious. I guess not.

Perry
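The argument in the reply above, as an added example that is not part of the original message: keys fetched from an untrusted store are accepted only when they carry a good signature from a key the reader already trusts. The introducer "Trent", the data layout and the toy textbook RSA (fixed primes, no padding, standing in for real PGP signatures) are assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA over fixed Mersenne primes, no padding: illustration only.
def make_key(p, q, e=65537):
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

def digest(uid, pub, n):
    # A certification binds a user ID to specific key material.
    data = f"{uid}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def certify(signer, uid, pub):
    n, d = signer["priv"]
    return pow(digest(uid, pub, n), d, n)

def valid_keys(server, uid, trusted):
    """Return keys stored under uid that carry a good signature from a trusted key."""
    good = []
    for pub, sigs in server.get(uid, []):
        for signer_uid, sig in sigs:
            spub = trusted.get(signer_uid)
            if spub and pow(sig, spub[1], spub[0]) == digest(uid, pub, spub[0]):
                good.append(pub)
                break
    return good

# Constructed scenario: Trent's key was verified in person; the server is untrusted.
trent = make_key(2**89 - 1, 2**107 - 1)
alice = make_key(2**61 - 1, 2**127 - 1)
mallet = make_key(2**31 - 1, 2**19 - 1)
trusted = {"trent": trent["pub"]}

real_sig = certify(trent, "alice", alice["pub"])
server = {"alice": [
    (alice["pub"], [("trent", real_sig)]),   # genuine upload
    (mallet["pub"], [("mallet", certify(mallet, "alice", mallet["pub"]))]),  # uploaded in her name
    (mallet["pub"], [("trent", real_sig)]),  # bits switched, old signature reused
]}

def demo():
    return valid_keys(server, "alice", trusted)

if __name__ == "__main__":
    print(demo() == [alice["pub"]])
```

The store needs no protection only as long as the set of trusted signers is itself sound: the same check accepts Mallet's key if Mallet's key is placed in `trusted`.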