On Tue, Jan 31, 2012 at 8:15 AM, Werner Koch <w...@gnupg.org> wrote: > On Tue, 31 Jan 2012 00:06, faramir...@gmail.com said: >> Hello, >> Is key D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 ( >> 0x4F25E3B6 ) the current key used for signing files? I suppose it is, > > Yes, it is. See my OpenPGP mail header for a list of all my keys and > their descriptions. > > There is a small error in the announcement: > > gpg --recv-key 4F25E3B6 > > The distribution key 1CE0C630 is signed by the well known keys > > It should say > > gpg --recv-key 4F25E3B6 > > The distribution key 4F25E3B6 is signed by the well known keys
I've long thought that one nightmare scenario for OpenPGP would be an ISP or other network gateway that transparently scanned all data passing through it looking for specific key ids and fingerprints and which silently changed them in webpages, email etc to fraudulent values. I can't imagine that it would be that difficult, and it would be difficult to detect as well as tripping up anyone who relied on "well-known" keys. N _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
