[tor-talk] PGP and Signed Messages,
Seth David Schoen
schoen at eff.org
Fri Feb 19 19:53:15 UTC 2016
Seth David Schoen writes:
> People also don't necessarily check it in practice. Someone made fake
> keys for all of the attendees of a particular keysigning party in
> 2010 (including me); I've gotten unreadable encrypted messages from
> over a dozen PGP users as a result, because they believed the fake key
> was real or because software auto-downloaded it for them without
> checking the signatures.
This happened once again today, shortly after I wrote this message!
The person who made the mistake was a cryptography expert who has done
research in this area. So I fear the web of trust isn't holding up
very well under strain, at least in terms of common user practices with
popular PGP clients.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the tor-talk
mailing list