On 09/18/2013 04:14 PM, Philip Jägenstedt wrote: > Yeah, that sounds like a useful approach. If I assume that the Wayback > Machine isn't part of a conspiracy against me, then I could use it to > check what signing keys were listed on gnupg.org in the past: > > http://web.archive.org/web/20070610103602/http://www.gnupg.org/signature_key.en.html
Given that the above link is cleartext (http instead of https), you're
also trusting every machine connected to the network path between you
and web.archive.org to not imperceptibly MITM your connection.
Regards,
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
