On Mon, 13 Oct 2014 23:43:47 +0300 GÃkÅin Akdeniz <goksin@xxxxxxxxxxxxxxxxx> wrote: > Run: gpg --search-key "Paolo Cardullo" and import the key. > > Please use OpenPGP and GnuPG properly He is using OpenPGP and GnuPG properly, but I believe you miss some important fact about it. The original author did not give the key details nor he did put his key id (before you added to your keyring). Somebody reading this list could have created a key pair, and uploaded to keyserver. Now you might have malicious key, which you will use to encrypt your emails, and somebody having an access to that e-mail address (via ISP or AOL) could read your email. Do not blindly add keys just by searching the name. Wait for the original author to at least verify using e-mail, or his web address. Of course, there would be no guarantee for e-mail to be changed during the transport. But it is a little unlikely to both change e-mail and key on the web server. It depends on your threat model. I hope I made my point. Regards, Grace H. -- D8C9 EF71 ADC3 0533 29DE 3A80 1152 D1CB 8D9C 47FD
Attachment:
signature.asc
Description: PGP signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk