[ale] emailing public dsa key (good, bad or ugly?)

David Corbin dcorbin at machturtle.com
Wed Jan 25 14:37:23 EST 2006


On Wednesday 25 January 2006 06:52 pm, Michael Hirsch wrote:
> Why bother?  Why not just send the public key?  Isn't that why it's called
> "public"?  It should be safe to publish the key in a newspaper or blog.
> Is there a risk we haven't heard of?
>
> Your solution requires him to publish his public GPG key.  Doesn't the same
> question apply?

The issue, I think, is one of identity/integrity.  How does the receiver know 
the key he receives has not been "tweaked" during the sending?  That is, it's 
not that the public key is "something to hide", it's just something to be 
SURE is from who you think it's from.

David.
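
The integrity check discussed in this message, as an added example that is not part of the original post: the receiver hashes the key that arrived by email and compares it with a fingerprint obtained over a separate channel. It assumes an OpenSSH-format public key line and the SHA256 fingerprint form; all function names are hypothetical and the sample key is constructed filler, not a real DSA key.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data):
    """Length-prefixed field used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def decode_blob(line):
    """Return the decoded key blob from an OpenSSH public key line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    # The blob repeats the key type; a mismatch means a malformed line.
    if blob[:4 + len(parts[0])] != ssh_string(parts[0].encode()):
        raise ValueError("key type does not match key blob")
    return blob


def sha256_fingerprint(line):
    """Fingerprint in the SHA256:<base64> form that ssh-keygen -l prints."""
    digest = hashlib.sha256(decode_blob(line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def key_matches(line, trusted_fingerprint):
    """True only if the received key hashes to the separately obtained value."""
    return hmac.compare_digest(sha256_fingerprint(line), trusted_fingerprint.strip())


def constructed_key_line():
    """Constructed sample: filler bytes in DSA field layout, not a real key."""
    fields = [b"ssh-dss"] + [bytes([i]) * 20 for i in (1, 2, 3, 4)]
    blob = b"".join(ssh_string(f) for f in fields)
    return "ssh-dss " + base64.b64encode(blob).decode() + " user@example"


def altered_copy(line):
    """Same line with one bit of the key material changed, as in transit."""
    key_type, b64, comment = line.split()
    blob = bytearray(base64.b64decode(b64))
    blob[-1] ^= 0x01
    return " ".join([key_type, base64.b64encode(bytes(blob)).decode(), comment])
```

The check is only as strong as the channel the trusted fingerprint came through; a fingerprint sent in the same email as the key proves nothing.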



