Security of verifying gpg keys from internet key servers

David Woodfall dave at dawoodfall.net
Mon Aug 13 20:54:54 UTC 2018


On Monday 13 August 2018 20:22,
Matthias Apitz <guru at unixarea.de> put forth the proposition:
> On Monday, 13 August 2018 18:59:38 CEST, David Woodfall <dave at dawoodfall.net>
> wrote:
> > On Monday 13 August 2018 13:46,
> > Matthias Apitz <guru at unixarea.de> put forth the proposition:
> > > El día Monday, August 13, 2018 a las 12:34:08PM +0100, David Woodfall
> > > escribió:
> > >
> > > ...
> > > > PS:
> > > >
> > > > Do you have your key on a keyserver somewhere? I got a huge 30 sec
> > > > delay opening this because I only have keys.gnupg.net set as
> > > > keyserver. Not sure if there more popular ones these days?
> > >
> > > Dave, do you verify gnuPG keys/signs on the fly? Is this secure?
> > > Thx
> >
> > Mutt does it automatically. I don't know why it wouldn't be secure.
> >
>
> Well, verifying the identity of an unknown person with some server over the
> Inrernet is not very reliable, isn't it?

In what way? I think gnupg.net is a pretty secure source to look up
keys. There's no other way unless someone attaches/sends you there
key to import that I know about.

--

The game, anoraks.2.0.0.tgz, will be available from sunsite until somebody
responsible notices it and deletes it, and shortly from
ftp.mee.tcd.ie/pub/Brian, though they don't know that yet.
  -- Brian O'Donnell, odonnllb at tcd.ie

                                                            .--.  oo
                                                           (____)//
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'


More information about the Mutt-users mailing list