by alaaibrahim 4327 days ago
> Now let's ignore the fact that you've just leaked your key request to an untrusted server via HTTP.

This is a public key, so secrecy is not needed here. Also, he is providing the fingerprint in another location, so if there was a MITM attack, it should happen on both Twitter (HTTPS) and pgp.mit.edu.
1 comments

I think Matthew Green's point was more that requesting a public key leaks your intent to communicate with someone—the metadata, if you will—to an untrusted third party.

Of course, e-mail headers, including From and To, must necessarily transit as cleartext, even when e-mail bodies are protected by PGP. The keyserver should perhaps be the least of Matthew's concerns.

So... gpg + mixmaster remailers + Tor for http?