On Wed, Nov 19, 2014 at 6:19 AM, Maxwell Krohn <[email protected]> wrote:
> Exactly, we put more checks into our PGP implementation as a result of > this discussion: > > https://github.com/keybase/kbpgp/commit/ef9f264c5d4bd6e908d8da26c84863dffa19a662 Yes, you did what I just said above: "I am sure you can find one-off mitigations for attacks of this nature as they arise" But then the problem is everyone implementing your protocol needs to copy these mitigations, and ensure they're done correctly, or you'll have insecure clients (like Tim is worried about) If you just published key fingerprints with the proofs, none of this would be a problem. -- Tony Arcieri
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
