> If so, suppose an attacker inserted a fake key with my details into an
> HKP keyserver.  What should I do?

First, recognize that this has likely already happened, and the world
hasn't ended.  :)  Look at how many certificates there are for
presid...@whitehouse.gov, for instance.

> Is there an obvious way to deal with this that I'm missing

Fingerprint verification.  An attacker can create a fraudulent
certificate, but an attacker cannot (to the best of our knowledge)
create a certificate that has an identical fingerprint to the real one.

And if you're concerned about this, then retrieve certificates based on
fingerprints, not on email addresses.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
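
The fingerprint check described in the reply above, as an added example that is not part of the original message: it computes version 4 OpenPGP fingerprints (RFC 4880, section 12.2) for two certificates that carry the same user ID and accepts only the one matching a fingerprint obtained out of band. The function names, the user ID and the key material are constructed for illustration, and v4 RSA keys are assumed.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 public-key packet: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, the 2-byte body length, and the body.
    The user ID is not part of the hashed data, only the key material is."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def select_by_fingerprint(candidates, trusted_fpr: str):
    """Keep only certificates whose computed fingerprint equals the trusted one."""
    want = "".join(trusted_fpr.split()).upper()
    if len(want) != 40 or any(c not in "0123456789ABCDEF" for c in want):
        raise ValueError("expected a full 40-hex-digit fingerprint, not a key ID")
    return [c for c in candidates if v4_fingerprint(c["key"]) == want]

# Constructed sample data: toy integers standing in for RSA moduli, not real keys.
UID = "Alice Example <alice@example.org>"
REAL = {"uid": UID, "key": v4_rsa_key_body(1300000000, (1 << 2047) | 0x1001, 65537)}
FAKE = {"uid": UID, "key": v4_rsa_key_body(1300000000, (1 << 2047) | 0x2003, 65537)}
KEYSERVER_RESULTS = [FAKE, REAL]  # a lookup by email address returns both

# Stand-in for the fingerprint the key owner gave you out of band
# (in person, on a business card); computed here only to keep the example offline.
TRUSTED_FPR = v4_fingerprint(REAL["key"])

if __name__ == "__main__":
    for cert in KEYSERVER_RESULTS:
        print(cert["uid"], v4_fingerprint(cert["key"]))
    accepted = select_by_fingerprint(KEYSERVER_RESULTS, TRUSTED_FPR)
    print("accepted:", len(accepted), "of", len(KEYSERVER_RESULTS))
```

Both certificates print the same user ID but different fingerprints, and only the one matching the trusted fingerprint is accepted; an 8-digit key ID is rejected rather than treated as a fingerprint.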
