While this is something that could be possible, it is unlikely to have actually occurred. In reality, there is some security in ensuring that there is only one opportunity for an adversary to compromise communication. If they miss that opportunity, the adversary's game is over. So, unless either 1) you are already of particular interest to the NSA, or 2) the NSA makes a habit of performing MitM attacks on people who email their public key, this protocol is probably safe for you. Not "256-bit equivalent" (or even "40-bit equivalent") safe, but probably safe.

On 08/21/2013 03:43 PM, Tony Arcieri wrote:
On Wed, Aug 21, 2013 at 5:16 AM, Eugen Leitl <eugen@leitl.org> wrote:
This past January, Laura Poitras received a curious e-mail from an anonymous stranger requesting her public encryption key. For almost two years, Poitras had been working on a documentary about surveillance, and she occasionally received queries from strangers. She replied to this one and sent her public key — allowing him or her to send an encrypted e-mail that only Poitras could open, with her private key
Then the NSA MitMed her unauthenticated plaintext email, replacing her public key with theirs, and were able to intercept all of the Snowden emails. Oops!
-- Tony Arcieri