Am Fr 27.02.2015, 23:05:07 schrieb Peter Lebbing:

> But what about that Man in the Middle who does nothing more than
> receive your message encrypted to their key and forward it to the
> real recipient you are building a trust relationship with?

He does have to do more: He has to intercept the messages or deceive you 
about the email address to use. Both is possible, both are non-triviasl 
tasks so that you also have to ask: If he can to that why assume that he 
doesn't just hack your system?


> That MITM
> is following and logging your interesting conversation without either
> of you noticing...

So would he with unencrypted messages. Certificate validation does not 
appear from nowhere. Either you have it or you don't. And in reality you 
usually have to send the message anyway.

IMHO we especially need education for the masses that they become aware 
that different messages require different security levels (in all areas: 
key security, authentication security and system security). OpenPGP is 
not a model technology in that regard, too.

As you can read German, at least slowly... ;-)
http://www.crypto-fuer-alle.de/wishlist/securitylevel/


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to