[ale] emailing public dsa key (good, bad or ugly?)
David Corbin
dcorbin at machturtle.com
Wed Jan 25 14:37:23 EST 2006
On Wednesday 25 January 2006 06:52 pm, Michael Hirsch wrote:
> Why bother? Why not just send the public key? Isn't that why it's called
> "public"? It should be safe to publish the key in an newspaper or blog.
> Is there a risk we haven't heard of?
>
> You solution requires him to publish his public GPG key. Doesn't the same
> question apply?
The issue, I think, is one of idenitity/integrity. How does the reciever know
the key he recieves has not been "tweaked" during the sending? That is, it's
not that the public key is "something to hide", it's just something to be
SURE is from who you think it's from.
David.
More information about the Ale
mailing list