In message <[EMAIL PROTECTED]>, Dan Geer writes:
>
>> How do they exchange public keys? Via email I'll bet.
>
>Note that it is trivial(*) to construct a self-decrypting
>archive and mail it in the form of an attachment. The
>recipient will merely have to know the passphrase. If
>transit confidentiality is your aim and old versions
>of documents are irrelevant once the ink is dry on the
>proverbial bond paper, this is quite workable and involves
>no WoT at all, just POTS.

No! We've discussed this point many times before -- what if the
attacker sends a Trojan horse executable?

--Steve Bellovin