On 29/07/2013 01:45, Percy Alpha wrote:
> key and plain public key to Google. Because Google doesn't know your
> password, Google cannot serve you a fake secret key, even though you
> download your encrypted secret key from Google every time you log in.

this is using encryption (your password) to provide verification. I don't believe this is safe (even if I can't come up with a way to break it).

> When the user tries to send an email to another Gmail user B for the first
> time, B's public key will be downloaded from Google and signed by A. Any
> subsequent times when A tries to send email to B, A will not only download
> B's key from Google but also verify the authenticity of B's key. This
> prevents MITM attack if Google is hacked or forced by law enforcement. (For
> advanced users, Google can present the option to manually verify the public
> key for the first email.)

but what if Gmail provides a fake key for B? Why should you automatically trust that key?

Also, I miss the point of signatures: A signs B's key, but no one cares about that signature in that scheme. Am I missing something?

I think that this scheme relies on trust in your email provider and on https not being MITM-ed, which I think is not common among people that want to use PGP.

-- 
boyska
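The first-use pinning in the quoted scheme, modelled as an added example that is not part of the original message and is not Gmail or PGP code: it shows what the pin can and cannot detect depending on which key the first download returned. HMAC under a local secret stands in for A's signature over B's key, and the `PinStore` class, the address and the key bytes are constructed for illustration.

```python
import hashlib, hmac, os

def fingerprint(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()

class PinStore:
    """Sender A's local record of the keys the provider has served (hypothetical)."""
    def __init__(self):
        self._cert_key = os.urandom(32)   # assumption: stand-in for A's private key
        self._pins = {}                   # recipient -> (fingerprint, certification tag)

    def _certify(self, recipient: str, fp: str) -> bytes:
        msg = f"{recipient}:{fp}".encode()
        return hmac.new(self._cert_key, msg, hashlib.sha256).digest()

    def check(self, recipient: str, served_key: bytes) -> str:
        fp = fingerprint(served_key)
        if recipient not in self._pins:   # first contact: nothing to compare against
            self._pins[recipient] = (fp, self._certify(recipient, fp))
            return "pinned-unverified"
        pinned_fp, tag = self._pins[recipient]
        if not hmac.compare_digest(tag, self._certify(recipient, pinned_fp)):
            return "pin-store-tampered"   # the stored pin was not certified by A
        return "match" if hmac.compare_digest(fp, pinned_fp) else "mismatch"

    def confirm(self, recipient: str, out_of_band_fp: str) -> bool:
        # Manual verification: fingerprint obtained from B outside the provider.
        return hmac.compare_digest(self._pins[recipient][0], out_of_band_fp)

def run_scenarios():
    who = "b@example.org"                          # constructed address
    real_b = b"constructed-public-key-of-B"        # constructed key material
    other = b"constructed-key-not-held-by-B"
    # Case 1: correct key on first download, a different key served later.
    a = PinStore()
    honest_first = [a.check(who, real_b), a.check(who, real_b), a.check(who, other)]
    # Case 2: wrong key on first download. It is pinned and certified like any
    # other, keeps matching, and B's genuine key is the one later flagged.
    a2 = PinStore()
    wrong_first = [a2.check(who, other), a2.check(who, other), a2.check(who, real_b)]
    # Only a comparison against a fingerprint from outside the provider differs.
    return honest_first, wrong_first, a2.confirm(who, fingerprint(real_b))

if __name__ == "__main__":
    print(run_scenarios())
```

Both cases produce the same sequence of results from `check`, so the pin alone cannot tell them apart; only `confirm` with a fingerprint obtained outside the provider does.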
