On 14/01/16 19:48, Lachlan Gunn wrote: > so unless you can find the key through some out-of-band source, then for the > initial contact you have to choose between either making an educated guess as > to what the key is, or sending in the clear.
Or send them an e-mail saying "I've got something to say I don't want in cleartext for passive attackers to read; could you send me your key ID?" > I just wanted to know whether there was anything useful that one could do > with the current infrastructure when they _knew_ that they were already > under attack. When you know the channel is being modified, you need an out-of-band something to bootstrap. I think this is fundamental, independent of infrastructure. But I'm too tired and hungry to think about it much :). Should eat... By the way, "under attack" is a too generic term to usefully discuss stuff. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
