[messaging] Keybase Proofs
bascule at gmail.com
Wed Nov 19 10:14:06 PST 2014
On Wed, Nov 19, 2014 at 6:19 AM, Maxwell Krohn <themax at gmail.com> wrote:
> Exactly, we put more checks into our PGP implementation as a result of
> this discussion:
Yes, you did what I just said above:
"I am sure you can find one-off mitigations for attacks of this nature as
But then the problem is everyone implementing your protocol needs to copy
these mitigations, and ensure they're done correctly, or you'll have
insecure clients (like Tim is worried about)
If you just published key fingerprints with the proofs, none of this would
be a problem.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging