auto refresh-keys
Hauke Laging
mailinglisten at hauke-laging.de
Sun Jun 20 02:14:59 CEST 2010
Am Samstag 19 Juni 2010 13:36:15 schrieb MFPA:
> > Sending to several keyservers does not help if the MitM
> > attack point is on your side.
>
> Even if you send the key over an encrypted connection to a server? For
> example https://pgp.webtru.st/
No. Thus I wrote: "If your keyservers don't support TLS (I have no idea
whether the important ones use it) then you are open to a MitM attack".
So in order to be safe you need additional CPU load either for TLS or for
signing. Signing is superior IMHO because it allows reuse of the data (one
crypto action (covering less data) for several users vs. one for each user
with TLS) and makes more sense because you don't need a second crypto system
(X.509) to protect the first (OpenPGP).
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20100620/dd543829/attachment.pgp>
More information about the Gnupg-users
mailing list