Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

Karl Fogel kfogel at red-bean.com
Sun Jul 28 16:29:23 PDT 2013


Tony Arcieri <tony.arcieri at gmail.com> writes:
>How? At the very least Alice/Bob need an authenticated/trusted channel
>for this.
>
>If Alice sends Bob her "public key" over an untrusted channel, it can
>be intercepted by an MitM posing as Bob who can then intercept all
>traffic between Alice/Bob 

In the real world, one often has a temporary-but-secure channel with
someone (e.g., you meet them in person briefly somewhere, with a trusted
intermediary who knows both of you).  Then later, you want to
communicate securely with your new acquaintance.

It doesn't mean MitM never happens.  But let's not deny away real world
scenarios by imposing theoretical limitations where they don't
necessarily apply.  Often when you want to communicate with someone, you
already have some shared bit of context that allows you to bootstrap
authenticated identities.

-K



More information about the liberationtech mailing list