Let’s say you’ve downloaded Charlie’s public key but don’t know if you can trust it. One way to increase your confidence in the key is to download it from multiple locations (home, work, the library, Starbucks, over Tor, etc.), from multiple devices, and from multiple servers. Gather up all the copies and check to make sure they are all the same, comparing the full fingerprint rather than just the short key ID. It becomes much harder for an attacker if they have to watch the communications of multiple IP addresses and servers; it would be extremely difficult to pull off a MITM attack against all of them. If every copy matches, you can be reasonably confident the key is valid.

PGP also gives you the ability to use your private key to sign someone else’s public key. This creates the opportunity to introduce a sort of six degrees of separation trust model: Charlie’s key is signed by Bob, whom you also don’t trust, but Bob’s key is signed by Alice, whom you do trust.
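As an added example (not code from the original post), the Python below models both checks described above: it computes the OpenPGP v4 fingerprint (SHA-1 over 0x99, a two-octet length, and the public-key packet body, per RFC 4880) for copies of a key fetched through several channels and refuses any disagreement, and it searches for a certification path from a key you trust (Alice) through intermediaries (Bob) to the target (Charlie) with a depth cap. The key bytes, channel names and the signature graph are constructed stand-ins, not real keys; the `compare_copies` and `certification_path` functions are hypothetical helper names.

```python
import hashlib
from collections import deque
from typing import Dict, List, Optional, Set, Tuple


# --- Check 1: do all copies fetched over different channels agree? ---

def v4_fingerprint(public_key_packet_body: bytes) -> str:
    """OpenPGP v4 fingerprint (RFC 4880 section 12.2): SHA-1 over the octet
    0x99, the two-octet packet length, and the entire public-key packet body."""
    length = len(public_key_packet_body)
    if length > 0xFFFF:
        raise ValueError("v4 fingerprint length field is only two octets")
    data = b"\x99" + length.to_bytes(2, "big") + public_key_packet_body
    return hashlib.sha1(data).hexdigest().upper()


def compare_copies(copies: Dict[str, bytes]) -> Tuple[Optional[str], List[str]]:
    """copies maps a channel label (home, work, tor, ...) to the public-key
    packet body fetched through that channel. Returns (fingerprint, []) when
    every copy agrees, otherwise (None, labels that differ from the majority).
    Any disagreement at all is treated as a failed check."""
    fps = {label: v4_fingerprint(body) for label, body in copies.items()}
    counts: Dict[str, int] = {}
    for fp in fps.values():
        counts[fp] = counts.get(fp, 0) + 1
    majority = max(counts, key=lambda fp: counts[fp])
    if len(counts) == 1:
        return majority, []
    dissenters = sorted(label for label, fp in fps.items() if fp != majority)
    return None, dissenters


# --- Check 2: is there a chain of signatures from a key you trust? ---

def certification_path(target: str,
                       certifications: Dict[str, Set[str]],
                       trusted_introducers: Set[str],
                       max_cert_depth: int = 5) -> Optional[List[str]]:
    """certifications maps a signer to the keys it has signed. Breadth-first
    search from the keys you trust returns the shortest signature chain ending
    at target, or None if none exists within max_cert_depth signatures
    (5 is GnuPG's default --max-cert-depth)."""
    if target in trusted_introducers:
        return [target]
    queue = deque((k, [k]) for k in sorted(trusted_introducers))
    seen = set(trusted_introducers)
    while queue:
        signer, path = queue.popleft()
        if len(path) - 1 >= max_cert_depth:
            continue  # another hop would exceed the allowed chain length
        for signed in sorted(certifications.get(signer, ())):
            if signed in seen:
                continue
            new_path = path + [signed]
            if signed == target:
                return new_path
            seen.add(signed)
            queue.append((signed, new_path))
    return None


# Constructed sample data (not real OpenPGP keys or signatures).
GENUINE = b"\x04" + b"charlie-public-key-material"
TAMPERED = b"\x04" + b"charlie-public-key-materiaL"   # one byte changed
COPIES_CLEAN = {"home": GENUINE, "work": GENUINE, "tor": GENUINE}
COPIES_MITM = {"home": GENUINE, "work": GENUINE, "starbucks": TAMPERED}

CERTS = {"alice": {"bob"}, "bob": {"charlie"}, "mallory": {"eve"}}
TRUSTED = {"alice"}


if __name__ == "__main__":
    print("all copies agree:", compare_copies(COPIES_CLEAN))
    print("one copy tampered:", compare_copies(COPIES_MITM))
    print("charlie via web of trust:", certification_path("charlie", CERTS, TRUSTED))
    print("charlie, depth 1 only:", certification_path("charlie", CERTS, TRUSTED, 1))
    print("eve (no trusted path):", certification_path("eve", CERTS, TRUSTED))
```

In practice the first check is `gpg --fingerprint <keyid>` on each downloaded copy and a side-by-side comparison of the full 40-hex-digit fingerprint; short key IDs are easy to collide and should not be used for this. One caveat on the second check: in GnuPG's classic trust model, Alice signing Bob's key makes Bob's key valid, but Bob's own signature on Charlie only counts once you assign Bob owner trust (or Alice issues a trust signature), so the transitive chain modelled here is a decision you make explicitly, not something GnuPG infers on its own.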