undefined | Better HN

0 pointsfrabbit8y ago0 comments

How are we supposed to verify keys.asc?

(To be a bit more explicit: searching for either the pub (57F6FB06) or sub(0E46390F) keys on hkps.pool.sks-keyservers.net returns no result)

0 comments

Just because it's on a keyserver doesn't mean it's trustworthy. Keyservers do no verification of any kind on the keys they host.

If you(r system) trust the certificate that https://updates.signal.org/ is using, you should be confident that you are getting the correct keys.

(You shouldn't trust a stranger on the internet, but I am getting the same keys when I download them.)

j / k navigate · click thread line to collapse

0 pointsfrabbit8y ago0 comments

How are we supposed to verify keys.asc?

(To be a bit more explicit: searching for either the pub (57F6FB06) or sub(0E46390F) keys on hkps.pool.sks-keyservers.net returns no result)

Just because it's on a keyserver doesn't mean it's trustworthy. Keyservers do no verification of any kind on the keys they host.

If you(r system) trust the certificate that https://updates.signal.org/ is using, you should be confident that you are getting the correct keys.

(You shouldn't trust a stranger on the internet, but I am getting the same keys when I download them.)

j / k navigate · click thread line to collapse