On Sun, Sep 28, 2003 at 10:57:25PM +0200, Ismael Valladolid Torres wrote:
> On Sunday, 28 September 2003, at 17:38, Pigeon wrote:
> > OK, the fake key will have a different fingerprint, but given that
> > Roberto has said he's experimenting with gpg, suddenly finding a new
> > key wouldn't be too surprising.
>
> No public keys are trusted by default. I won't trust a signature of
> anybody claiming to be Roberto, unless I have verified the fingerprint
> for the key used *personally* with Roberto, or somebody I trust has
> signed that key. This is what the ability to sign others' keys is
> useful for.

I know; see my next paragraph... I'm pointing out that the system is
not necessarily "magically" secure if not used with the intended
rigour, as may be the case in a mailing list environment, or if
outhouse excess supported pgp. However secure the algorithms involved
may be, any cryptographic system can be compromised by slackness and
complacency on the part of its users.

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F