
Re: [tor-talk] PGP and Signed Messages



Hi,

This is a basic problem of PKI: is the key the correct one to use?
There is nothing to stop you from copying, for example, my key
information. That's why you need to check the received key over another
channel. For example, I put my fingerprint on my website and it's also on
my business card.

A second way is looking at the signatures from other users, thus it's not
the best method for validating an identity.

~Josef

On 19.02.2016 at 13:34, Nathaniel Suchy wrote:
> I've noticed a lot of users of Tor use PGP. With it you can encrypt or sign
> a message. However, how do we know a key is real? What would stop me from
> creating a new key pair and uploading it to the key servers? And from there
> spoofing identity?


Attachment: signature.asc
Description: OpenPGP digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
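
Added example, not part of the original message: the out-of-band check described in the reply, computing an OpenPGP version 4 fingerprint (RFC 4880, section 12.2) from a received public-key packet and comparing it with the fingerprint obtained over another channel. The function names and the toy key material are constructed for illustration.

```python
import hashlib
import struct

def v4_fingerprint(packet_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, a 2-byte length, then the packet body."""
    if not packet_body or packet_body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    header = b"\x99" + struct.pack(">H", len(packet_body))
    return hashlib.sha1(header + packet_body).hexdigest().upper()

def normalize(fp: str) -> str:
    """Accept the spacing, colons and 0x prefix used on web pages and cards."""
    s = "".join(fp.split()).replace(":", "").upper()
    return s[2:] if s.startswith("0X") else s

def matches_out_of_band(packet_body: bytes, trusted_fp: str) -> bool:
    """True only if the received key hashes to the full trusted fingerprint."""
    want = normalize(trusted_fp)
    if len(want) != 40 or any(c not in "0123456789ABCDEF" for c in want):
        raise ValueError("need the full 40-hex-digit fingerprint, not a key ID")
    return v4_fingerprint(packet_body) == want

def toy_rsa_packet(created: int, n: int, e: int = 65537) -> bytes:
    """Constructed sample: v4 packet body (version, time, algo 1 = RSA, MPIs)."""
    def mpi(x: int) -> bytes:
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

# Constructed key material (not real RSA moduli). Both keys could carry the same
# name and e-mail on a key server; the user ID is not part of the fingerprint.
GENUINE = toy_rsa_packet(1455885240, (1 << 2047) + 0x1234567)
IMPOSTOR = toy_rsa_packet(1455885240, (1 << 2047) + 0x7654321)

# Stands in for the fingerprint read from the owner's website or business card.
_fp = v4_fingerprint(GENUINE)
CARD_FP = " ".join(_fp[i:i + 4] for i in range(0, 40, 4))

if __name__ == "__main__":
    for label, key in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(label, v4_fingerprint(key), matches_out_of_band(key, CARD_FP))
```

The comparison insists on all 40 hex digits because a short key ID covers only the tail of the fingerprint and is not a substitute for it.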