undefined | Better HN

0 pointsvenomsnake12y ago0 comments

And what happens when your keyserver gets hit with NSL to impersonate another party? Is there something to prevent it there as infrastructure or legal?

0 comments

dredmorbius12y ago

Please read a fundamental PKI text or FAQ. That isn't a viable threat model.

On the other hand, anyone at any time can create a key with any given name on it. Under PGP, trust is generally imbued through keysigning and trust metrics.

Keys are also cheap: two (or more) parties could create keys (or subkeys) they used exclusively for communications between themselves, if they so chose.

j / k navigate · click thread line to collapse

0 pointsvenomsnake12y ago0 comments

And what happens when your keyserver gets hit with NSL to impersonate another party? Is there something to prevent it there as infrastructure or legal?

0 comments

dredmorbius12y ago

Please read a fundamental PKI text or FAQ. That isn't a viable threat model.

On the other hand, anyone at any time can create a key with any given name on it. Under PGP, trust is generally imbued through keysigning and trust metrics.

Keys are also cheap: two (or more) parties could create keys (or subkeys) they used exclusively for communications between themselves, if they so chose.

j / k navigate · click thread line to collapse