Torproject disease infects WhatsApp - User experience trumps(sic) security
John Newman
jnn at synfin.org
Tue Jan 17 09:18:36 PST 2017
> On Jan 17, 2017, at 12:11 AM, Shawn K. Quinn <skquinn at rushpost.com> wrote:
>
>> On 01/16/2017 11:00 PM, James A. Donald wrote:
>> Is hard.
>>
>> Suppose I want to talk to you about something that is actually
>> important. I ask you to email me your public key. How do I know that
>> the key I receive is the key you sent?
>
> If you think someone's monkeying with your email, then you don't do the
> key exchange that way, you do it in person or at the very least you
> verify it in person or over the phone.
>
>> One solution is to make your public key as public as possible, affix it
>> to all your communications and never change it.
>>
>> But you are not doing that.
>
> That's what keyservers are for. Affixing the key to every message is a
> needless waste of space.
>
You can also serve your keys on a web server you control over HTTPS with a legit signed certificate. $8 from comodo, free from the let's encrypt people and startssl people....
This is one of the nice things about keybase.io.
> --
> Shawn K. Quinn <skquinn at rushpost.com>
> http://www.rantroulette.co
> http://www.skqrecordquest.com
>
More information about the cypherpunks
mailing list