On Tue, 9 Sep 2014, at 12:46 AM, Joel Rees wrote: > On Mon, Sep 8, 2014 at 4:12 AM, Elmar Stellnberger <estel...@gmail.com> > wrote: > > [...] > > P.S.: URL about NSA regularely intercepting laptop shipments: > > http://www.extremetech.com/computing/173721-the-nsa-regularly-intercepts-laptop-shipments-to-implant-malware-report-says > > > > Consider this -- How much is the NSA or some other similar > organization going to pay to run a man-in-the-middle on you? How much > would it cost them to intercept, not just the CD being shipped, but > also your queries on random mirrors? > > [...] >
The keys have also been posted to the mailing list at least once (look for a post by Theo in the thread "a half-baked analysis of the verification chicken-and-egg problem, and request"). The mailing list is mirrored by many different services (such as marc), so also comparing the keys against the various mailing list mirrors would create additional complexity for any organisation trying to MITM the keys you receive. -- Carlin
