Richard Heck wrote: > On 07/01/2016 04:00 PM, Pavel Sanda wrote: >> Cyrille Artho wrote: >>> Without https the signatures are not very useful. >> I fail to follow what do you mean by this. > > Without https, a man-in-the-middle attack is possible, and of course > the signatures could also be faked. But I'm not sure that makes them > "not very useful". It just makes them not perfect.
Man-in-the middle for pgp signature? You stay in the middle and you send me whatever packet you want. However you don't have my secret key for the signature. So what you are going to do to fake it? Pavel
