[messaging] Exposing MITM attacks socially engineered through group chat introductions

carlo von lynX lynX at i.know.you.are.psyced.org
Sun Feb 1 02:22:20 PST 2015


On Sun, Feb 01, 2015 at 02:53:24AM +0100, Jeff Burdges wrote:
> Anyways, the problem with the current situation is: If we do not identify a “fingerprint” that’s safe to publish, then users imagine they can publish the identity key, the public key, or both.
> 
> This is not an academic discussion, multiple savvy users have told me they assumed they could publish both. 

I wouldn't expect the minority of existing PGP users to
be relevant. Would anyone else have the impulse to publish 
a series of apparently random characters anywhere?

Is there any reason at all why this data is being displayed 
by the UIs? I don't see any use for it anywhere. Manual keying 
works by exchanging armors, no need to ever look at fingerprints.


-- 
  E-mail is public! Talk to me in private using Tor.
  torify telnet loupsycedyglgamf.onion		DON'T SEND ME
          irc://loupsycedyglgamf.onion:67/lynX  PRIVATE EMAIL
         http://loupsycedyglgamf.onion/LynX/    OR FACEBOOGLE

