Hi, Christoph Anton Mitterer: > In OpenPGP you have the additional problems that: > - at least until know communication with the keyservers is usually > unsecured: so not only the keyserver operator can attack you, but anyone > else that can MitM. Fortunately, that only matters when checking for revocations. One cannot MitM themselves into the web of trust. > - there are gazillions of keyserver operators (like me) and OpenPGP > implemntations usually default to some pool of keyservers... so in the > end you do not only have to trust one 3rd party (like - at least > technically - with X.509) but ??? 3rd parties to give you the correct > data. > This is an advantage. The pool keyservers talk to each other, after all. Thus, if somebody really wants to block a key's revocation, they have to MitM themselves into their target's path to all of them. -- -- Matthias Urlichs
Attachment:
signature.asc
Description: Digital signature