On 18/03/12 19:13, freej...@is-not-my.name wrote: > Not necessarily but even if they did, how do they have access to the key?
The attacker is doing you a real service getting /your/ key signed then :) Wasn't the purpose of the attacker to get his /own/ key falsely signed? The key he does have access to? BTW, your e-mail service provider does, necessarily, have access to mails sent to your e-mail account. SSL/TLS might encrypt the connection to the SMTP server serving your e-mail address, but the provider has the certificate for that server, or more generally, has full access to their own server. So the administrators of that SMTP server have full access to any mails sent to your account, if they want to. Obviously using GnuPG solves that problem, but not before identity is established, and here we are talking about establishing that. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
