Y
Hacker News
new
|
ask
|
show
|
jobs
by
joelanders
4262 days ago
I wonder how they "confirm[ed] out of email that the keys we exchanged were not intercepted and replaced by your surveillants." Key exchange is the hardest part.
2 comments
theintern
4262 days ago
That was my thought as well. Given all communication is considered compromised, I can't think of a simple way to do this that isn't a face to face.
link
DINKDINK
4261 days ago
Could you explain how exchanging PGP keys over TLS would be compromised or compromisable?
link
belovedeagle
4261 days ago
Simple. Analog man-in-the-middle; i.e., you're not talking to who you think you're talking to. That's the whole point of key exchange.
link
pointernil
4262 days ago
Who doesn't ;) Any speculations? Ideas? Agreeing on an entropy source is one thing, but really exchanging keys out of NSAs sight is hard, right?
link