I've just realised the error in my own logic there. Of course a MITM could
send a fake key, but the digital signatures on it still can't be faked. In
that sense, I am simply acting as a keyserver for my own key.

I withdraw the below email, and apologise for posting it without thinking it
through a bit more thoroughly.


-----Original Message-----
From: Jill Ramonsky 
Sent: Wednesday, June 11, 2003 9:20 AM
Subject: RE: Keyservers and Spam

> From: David Honig 
> Sent: Tuesday, June 10, 2003 11:53 PM
> Subject: RE: Keyservers and Spam
> You email your key to those who justify the request.  In plaintext,
> or on the phone.  What is the problem with that? 

The possibility of a MITM attack.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to