Mercury

Sean Conner sean at conman.org
Wed Jun 24 23:03:51 BST 2020

Previous message (by thread): Mercury
Next message (by thread): Mercury
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It was thus said that the Great defdefred once stated:
> On Wednesday 24 June 2020 18:32, Case Duckworth <acdw at acdw.net> wrote:
> > If transmissions are sent in the clear, anyone in the middle (ISP,
> > malicious actor) can modify any data, including a PGP signature (meaning
> > a malicious actor could change the PGP signature to their PGP signature,
> > then impersonate the person). TLS encrypts thetransmission between the
> > two endpoints, which is the only way to guarantee the message hasn't
> > been tampered with.
> 
> When you are reading pgp signed document from a server where you own a
> defined set of public pgp keys, you don't fear MITM attack (the same way
> TLS is secure only with a PKI).
> 
> The difference is that external PGP signature are all computed only at
> document publication time and not on the fly for each user request.

  How do you safely get my public key?

  -spc

Previous message (by thread): Mercury
Next message (by thread): Mercury
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list