[liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.
Karl Fogel
kfogel at red-bean.com
Sun Jul 28 16:29:23 PDT 2013
Tony Arcieri <tony.arcieri at gmail.com> writes:
>How? At the very least Alice/Bob need an authenticated/trusted channel
>for this.
>
>If Alice sends Bob her "public key" over an untrusted channel, it can
>be intercepted by an MitM posing as Bob who can then intercept all
>traffic between Alice/Bob
In the real world, one often has a temporary-but-secure channel with
someone (e.g., you meet them in person briefly somewhere, with a trusted
intermediary who knows both of you). Then later, you want to
communicate securely with your new acquaintance.
It doesn't mean MitM never happens. But let's not deny away real world
scenarios by imposing theoretical limitations where they don't
necessarily apply. Often when you want to communicate with someone, you
already have some shared bit of context that allows you to bootstrap
authenticated identities.
-K
More information about the liberationtech
mailing list