On 08/30/2016 10:04 AM, John Hein wrote: > Werner Koch wrote at 16:39 +0200 on Aug 30, 2016: > > Hi, > > > > I just published a writeup on how to setup the Web Key Service at > > https://gnupg.org/blog/20160830-web-key-service.html > > > > A plain text copy is below. If you have comments, please send them as > > reply. > > Nice writeup. > > Maybe add some _brief_ words about trust. We understand how > keyservers can provide an "invalid" key. This is a tad bit more > elaborate, but could still be abused. > > The thing about trust for the laymen is that it'd be nice if there was > a short not overly technical presentation about how various methods > can be compromised and how to be reasonably sure about safety. So > that the user can decide about when and how they might want to do > additional vetting. > > Someone could set up an https://wernerkoch.info with a bogus key, send > out an email impersonating Werner and pointing to that web service, > right?
What are the defects in <https://keybase.io/>? _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
