by tlrobinson 3173 days ago
I believe keda's point is it's served over HTTP not HTTPS so there's no way to verify you're not being MITM'd when looking at it.

(A possible workaround is to check via multiple connections, check Google's cache, etc.)

2 comments

I mean, sure, but if you're sending him a PGP encrypted message, and his public key was messed with, the end result would just be his inability to open the message.

I think his actual point was to try and discredit the messenger.

The attacker would then be able to read your encrypted message (and possibly re-encrypt it with the original key before forwarding it).

Also, PGP keys may also be used to sign software or other public messages (not a typical use-case for journalists, though)

You're kind of out in the weeds now.

Also, you don't sign software or whatever with a public key, so I'm not 100% sure you understand how this works.

HTTPS won't help against an attacker that has jurisdiction over a CA and can force them to issue a certificate.