Mercury
defdefred
defdefred at protonmail.com
Wed Jun 24 22:29:37 BST 2020
On Wednesday 24 June 2020 18:32, Case Duckworth <acdw at acdw.net> wrote:
> If transmissions are sent in the clear, anyone in the middle (ISP, malicious actor) can modify any data, including a PGP signature (meaning a malicious actor could change the PGP signature to their PGP signature, then impersonate the person). TLS encrypts the transmission between the two endpoints, which is the only way to guarantee the message hasn't been tampered with.
When you are reading a PGP-signed document from a server where you own a defined set of public PGP keys, you don't fear a MITM attack (the same way TLS is secure only with a PKI).
The difference is that external PGP signatures are all computed only at document publication time and not on the fly for each user request.
freD.