[Standards-JIG] Re: UPDATED: JEP-0027 (Current Jabber OpenPGP Usa ge)

Jesper Krogh jesper at krogh.cc
Thu Mar 18 22:57:13 UTC 2004


I gmane.network.jabber.standards-jig, skrev Joe Hildebrand:
>  So, for example, storing your public key in vcard probably isn't good
>  enough.  What if Mallory rooted your server, and had it respond with one
>  public key when you asked for yours (to check it), and a different one to
>  me?

That's why the public-key should be verfied and signed by you before you
trust it. Then you can store the publickey on any insecure place and
trust it anyway. 


-- 
./Jesper Krogh, jesper at krogh.cc
Jabber ID: jesper at jabbernet.dk





More information about the Standards mailing list