On Tue, Mar 5, 2013 at 1:41 PM, StealthMonger <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jeffrey Walton <[email protected]> writes:
>
>> It's the key distribution problem. It's the cause of all the troubles.
>
> I don't understand. Please explain.
>
> What's wrong with the following simple idea:
>
> 1. p2p: The parties opportunistically verify out-of-band after
>    exchanging keys via public key servers or (insecure) email.

That's basically SneakerNet. You moved the problem around. If you met
and exchanged keys, you wouldn't need to make the phone call. Do it at
the pub over a drink.

The problems are (1) It is often not practiced and (2) it surely does
not scale. When is the last time you called a business and asked them
to verify their certificate thumbprint before entering your credit
card?

You also have the problem of explaining it to your grandmom.

Jeff
