|
|
|
|
|
|
by 102030485868
3881 days ago
|
|
|
Some part of a key exchange needs to be out-of-band. Alice communicating to Bob what the hash of her public key is over the phone, in person, or otherwise is good enough. Doing that allows Bob to verify whether or not a specific public key belongs to Alice. The problem with hosting a key on a website is that it only really works if the domain has an extended validation certificate, i.e. someone proved their identity to their domain registrar. Then things just become a question of how much you trust the CA. |
|
|