On 08-09-2014 16:03, Nicolai wrote: > And don't forget keys posted on websites available over TLS, as well as > the OpenBSD website, which is available via CVS over SSH. So there are > existing, authenticated methods for verifying signify pubkeys. The ssh fingerprints are only available on a non ssl web page. There are SSHFP records for this. But with no DNSSEC you incur on the same issue, of having to access the anoncvs page from many places/proxies/tor/etc to see if the ssh fingerprint match.
Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
