[messaging] TOFU to ease PGP key discovery
michael at briarproject.org
Mon Feb 9 05:19:51 PST 2015
-----BEGIN PGP SIGNED MESSAGE-----
What happens if the sender finds more than one key for the recipient?
Many PGP users (including myself) have published more than one key
over the years, and haven't always revoked their obsolete keys.
Do you have some heuristics for picking the best key, and if so, could
an adversary game those heuristics to get the sender to pick a key
published by the adversary?
On 09/02/15 08:58, Tankred Hase wrote:
> we've added HKP key server support to Whiteout Wail and have
> written a post about usability. Though I'd share it here:
> Thanks for any feedback!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Messaging