[OTR-users] generating keys
Ian Goldberg
ian at cypherpunks.ca
Thu Nov 10 17:05:18 EST 2005
On Thu, Nov 10, 2005 at 01:53:12PM -0800, CLAY SHENTRUP wrote:
> You can just put a couple of extra lines on your web page, like this:
> > http://r6.ca/russellotr.asc
>
>
> that presumes one has a web page and that it is trustworthy. suppose the cia
> hacked it? not a great place to place trust imo.
No, there's no problem, even if the CIA hacks it, since it's GPG-signed.
What you're doing here is leveraging existing trust (GPG) to
authenticate your new (OTR) keys. I agree that it's approximately
pointless to put unsigned copies of your OTR keys on your webpage.
But if you've got GPG, and you put up a signed copy, you'll never have
to do the voice verification with your friends again (assuming they
already trust your GPG key).
- Ian
More information about the OTR-users
mailing list