On Fri, May 10, 2024 at 02:16:12AM +0200, Eike Rathke wrote: > Hi, > > On Thursday, 2024-05-09 19:15:59 -0400, Derek Martin wrote: > > > Probably fine for preventing casual eavesdropping, but for genuinely > > sensitive applications, should not be considered good enough, unless > > I'm missing some important detail... > > If you can't trust but need to, then verify. The fingerprint over > a trusted channel. This has been part of PGP since the beginning.
Indeed, but that's what I've been saying. The use of autocrypt (or similar features) downplays the need for this, and encourages naive users to skip this important step. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
signature.asc
Description: PGP signature
